fixed sso authentication

main/auth/sso/sso.class.php

@@ -154,9 +154,12 @@ class sso {
                                 api_session_register('_user');
                                 event_login();
                                 // Redirect to homepage
-                                $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php';
+                                $protocol = api_get_setting('sso_authentication_protocol');
+                                $master_url = api_get_setting('sso_authentication_domain');
+                                $target = $protocol.$master_url;
+                                $sso_target = isset($target) ? $target : api_get_path(WEB_PATH) .'.index.php';
                                 header('Location: '. $sso_target);
-				exit;
+                                exit;
                             }
                         } else {
                             // user account expired

main/inc/local.inc.php

@@ -454,10 +454,12 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
                 // Redirect to master server
                 $osso->ask_master();
             } elseif (isset($_GET['sso_cookie'])) {
-                if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. $master_url : FALSE) {
+                $protocol = api_get_setting('sso_authentication_protocol');
+                $master_url = api_get_setting('sso_authentication_domain').api_get_setting('sso_authentication_auth_uri');
+                if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $protocol.$master_url  : FALSE) {
                     //make all the process of checking 
                     //if the user exists (delegated to the sso class)
-                    $osso->check_user(); 
+                    $osso->check_user();
                 } else {
                     //Request comes from unknown source
                     $loginFailed = true;