I'm working with a SSO Saml authentication flow which looks as follows:
- User sends SAMLRequest
- User is redirected to IdP login page
- User submits login details
- IdP authenticates and redirects to my consumer assertion processing page
- Access token extracted and submitted for a token to interact with API
I'm stuck on step 5. In fiddler, I can see the request header being sent with the required SAMLResponse posted, but it does not show in $_POST, $_GET and I've tried file_get_contents('php://input'). The response is the result of a 301 redirect.
The incoming header request with the required SAMLResponse redirected (301) to my assertion consumer page looks as follows. I can't figure out how to extract the posted parameter SAMLResponse?
POST http://localhost/xxxxxxxxxxx Host: localhost Connection: keep-alive Content-Length: 7710 Cache-Control: max-age=0 Origin: null Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: optimizelyEndUserId=oeu1463724346007r0.9674156716176872; ajs_anonymous_id=%22c336991a-286a-4278-8cb2-3d00d784f376%22; optimizelySegments=%7B%225943211328%22%3A%22direct%22%2C%225934960299%22%3A%22false%22%2C%225952160221%22%3A%22gc%22%7D; optimizelyBuckets=%7B%7D; ajs_user_id=null; ajs_group_id=null; _ga=GA1.1.1336717339.1458634274; PHPSESSID=imtffdda2a6g576rtd0vpb8ro2
SAMLResponse=xxxxxxxxxxxxxxxx
I've been scanning the web for a week but have not found a solution. Thanks in advance for any help.
It turns out I was missing a trailing / on my consumer assertion url which of course meant the server was redirecting to index.php resulting in the loss of post vabriables.