@jfsimon
From my investigation, it seems like it is incorrect to hard code the check_path parameter for the service validation.
Should the service provided to the validateService method on a CAS server just be the current url, with the ticket parameter removed?
I am overriding the TrustedSsoAuthenticationListener in our implementation to do the above at the moment.
The reason for this is as follows:
My service url can differ between login requests, to include a redirect parameter to be handled by the symfony2 authentication success handler. Example:
My service provided to the cas server could be:
http://www.domain.dev/auth/login_check?_target_path=https%3A%2F%2Fwww.domain.com%2Fpath
The _target_path can vary.
Symfony would then pick this up after authentication: https://github.com/symfony/symfony/blob/4aab341d59ba217a70e7c114c73ac00a61e75377/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php#L94
However, due to:
BeSimpleSsoAuthBundle/Security/Http/Firewall/TrustedSsoAuthenticationListener.php, line 20 in 2f9982c
The service is incorrectly passed back to the SSO server for validation, and validation will fail due to non matching services between login and validation. My feeling, as above, is the service should be the current url, minus the ticket parameter.
Thoughts?
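The approach proposed in the issue above, sketched as an added example (not part of the original issue and not BeSimpleSsoAuthBundle code). The helper name serviceFromCurrentUrl() is hypothetical and the ticket value is constructed; the raw query string is split rather than parsed and re-encoded, so the service sent for validation keeps the same bytes as the one sent at login.

```php
<?php
// Added example; serviceFromCurrentUrl() is a hypothetical helper, not bundle API.

/**
 * Rebuild the CAS "service" value from the URL the browser came back on,
 * dropping only the ticket parameter that the CAS server appended.
 * Every other parameter is kept exactly as received (still percent-encoded),
 * because the service must match between login and validation.
 */
function serviceFromCurrentUrl(string $currentUrl, string $ticketParam = 'ticket'): string
{
    // A fragment is never sent to the server; drop one defensively.
    $url = explode('#', $currentUrl, 2)[0];
    $parts = explode('?', $url, 2);
    if (count($parts) === 1 || $parts[1] === '') {
        return $parts[0];
    }

    $kept = [];
    foreach (explode('&', $parts[1]) as $pair) {
        // Decode only the name, and only to compare it with the ticket parameter.
        $name = urldecode(explode('=', $pair, 2)[0]);
        if ($name !== $ticketParam) {
            $kept[] = $pair; // untouched, byte-for-byte as received
        }
    }

    return $kept ? $parts[0] . '?' . implode('&', $kept) : $parts[0];
}

// The service URL from the issue, as sent to the CAS server at login.
$login = 'http://www.domain.dev/auth/login_check?_target_path=https%3A%2F%2Fwww.domain.com%2Fpath';

// Constructed callback: the same URL with a made-up service ticket appended.
$callback = $login . '&ticket=ST-EXAMPLE-0001';

// Compare the rebuilt service with the one used at login.
$service = serviceFromCurrentUrl($callback);
var_dump($service === $login);

// Compare a hard-coded check_path (no query string) with the login service.
$hardCoded = 'http://www.domain.dev/auth/login_check';
var_dump($hardCoded === $login);
```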