Hello, when connecting using LDAP or internal accounts, redirections work fine.

Example URL: https://glpi.domain.com/front/ticket.form.php?id=52916

However, when using SSO to login, I get a "Redirection failed" message and get brought to the default index dashboard homepage.

Any ideas on what that could be?

System:
Latest PHPSAML (as of 2024-01-15)
GLPI v 10.0.11
PHP 8.1

Hello,

I've got the same message as you when you want to open a link to a ticket directly.

Its a known issue that has been researched earlier, fixed for a short while and broke again with later GLPI versions. It has to do with how the redirect url is composed after redirected back by the identity provider. The function currently is using the _SERVER superglobal that is populated depending on the webserver setup, how the glpi instance it is called by the client, and it is not dealing with all possible variations that could occur. We should instead be using the GLPI configuration objects like 'base_url' to compose the correct redirect urls and paths.

At the moment I am not actively reasearching this issue as its a 'nice to have' for me atm. I am prioritizing breaking issues and other work over this one. Thanks for re-registering it though, because its a valid issue.

Same here, even connecting through the root url of glpi.

I got rid of the message this way:
./glpi/plugins/phpsaml/inc/phpsaml.class.php (l207-209) :

        if ($relayState) {
//            $REDIRECT = "?redirect=" . rawurlencode($relayState);
            $REDIRECT = "";
        }

I now have to search what kind of backfire I may suffer doing that...

Maybe have a look at: https://plugins.glpi-project.org/#/plugin/glpisaml.

The stable version will be available somewhere next month. It allready supports most of this plugin and has user right rules implemented as well.

Also nice to know, GLPI is considering of actively supporting this plugin for their paying customers as well. We are currently working together to get the plugin where it needs to be for this.