fix(acs): 尝试修复无法正确跳转 RelayState 的问题

Signed-off-by: 李东云 <dongyun.li@luxcreo.ai>

src/Services/Base.php

@@ -85,25 +85,31 @@ class Base extends AbstractService
     /**
      * 生成 URL
      *
-     * @param \LightSaml\Model\Protocol\AuthnRequest|\LightSaml\Model\Protocol\LogoutRequest $authnRequest
-     * @param string                                                                         $relayState
-     * @param array                                                                          $exactArguments
-     * @param bool                                                                           $returnUrl
+     * @param \LightSaml\Model\Protocol\AuthnRequest|\LightSaml\Model\Protocol\LogoutRequest|string $request 也可以直接传入
+     *                                                                                                       base_url，带不带
+     *                                                                                                       query 都支持
+     * @param string                                                                                $relayState
+     * @param array                                                                                 $exactArguments
+     * @param bool                                                                                  $returnUrl
      *
      * @return array|string
      */
-    protected function buildUrl(
-        AuthnRequest|LogoutRequest $authnRequest,
+    public function buildUrl(
+        AuthnRequest|LogoutRequest|string $request,
         string $relayState,
         array $exactArguments,
         bool $returnUrl
     ): string|array {
-        $bindingFactory = new BindingFactory();
-        $redirectBinding = $bindingFactory->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
-        $messageContext = new MessageContext();
-        $messageContext->setMessage($authnRequest);
-        $httpResponse = $redirectBinding->send($messageContext);
-        $url_parts = parse_url($httpResponse->getTargetUrl());
+        if (!is_string($request)) {
+            $bindingFactory = new BindingFactory();
+            $redirectBinding = $bindingFactory->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
+            $messageContext = new MessageContext();
+            $messageContext->setMessage($request);
+            $httpResponse = $redirectBinding->send($messageContext);
+            $request = $httpResponse->getTargetUrl();
+        }
+        
+        $url_parts = parse_url($request);
         
         $query = [];
         parse_str($url_parts['query'], $query);
@@ -125,7 +131,7 @@ class Base extends AbstractService
             return $query;
         }
         
-        return $idp_id . '?' . $url_parts['query'];
+        return $sso_url;
     }
     
     /**

src/Services/Sp/Assertion.php

@@ -104,7 +104,8 @@ class Assertion
         }
     
         // 据此判断是登录还是isLogin
-        if (!empty($this->base->getRelayStateFromResponse($response))) {
+        $relayState = $this->base->getRelayStateFromResponse($response);
+        if (!is_null($relayState)) {
             // 登录时的处理
             $url = config('saml.client.landing_host');
             $login_status_cookie = new Cookie(
@@ -120,7 +121,15 @@ class Assertion
                 ->withCookie($login_status_cookie)
                 ->raw(
                     new SwooleStream(
-                        sprintf('<script>window.location.href="%s"</script>', $url)
+                        sprintf(
+                            '<script>window.location.href="%s"</script>',
+                            $this->base->buildUrl(
+                                request: $url,
+                                relayState: $relayState,
+                                exactArguments: [],
+                                returnUrl: true
+                            )
+                        )
                     )
                 )->withHeader(Header::CONTENT_TYPE, 'text/html');
             // return $this->response->redirect($url, RFC7231::FOUND);