Single Sign On Service endpoint already contains URL params. Auth request may not account for this

description

Per our discussion here: https://saml2.codeplex.com/discussions/657516

It looks like the redirect protocol binding will append a "?" after the single sign on destination even if that destination URL already contains params.

From the topic in question:
The Single Sign On service's location is something like "https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=[some guid]". When the request is made, it looks like SAML2 will append a "?" before the SAMLRequest is added to the URL so it becomes: "https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=[some guid]?SAMLRequest=[encoded xml string]".

Just need a means to check if URL params exist in the destination URL already and to use a '&' to append the SAML request instead if they do.

Thanks!

comments

MikeSource wrote Sep 1, 2016 at 1:31 PM

Just to close this out in case anyone in the future stumbles upon this one. I did grab the latest after this fix was made and it resolved my issue. Reviewing the code, the fix looks perfect.

Thank you for resolving!
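
The separator check the issue description asks for, shown as an added C# example. It is not the SAML2 project's fix or code; the class and method names (`RedirectBindingUrl`, `EncodeRequest`, `AppendParameter`) and the sample URLs are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;

public static class RedirectBindingUrl
{
    // HTTP-Redirect binding encoding: raw DEFLATE, then base64.
    public static string EncodeRequest(string samlXml)
    {
        using (var buffer = new MemoryStream())
        {
            using (var deflate = new DeflateStream(buffer, CompressionMode.Compress, leaveOpen: true))
            {
                byte[] raw = Encoding.UTF8.GetBytes(samlXml);
                deflate.Write(raw, 0, raw.Length);
            } // disposing the DeflateStream flushes the final block
            return Convert.ToBase64String(buffer.ToArray());
        }
    }

    // Appends name=value to a destination that may already carry a query string.
    public static string AppendParameter(string destination, string name, string value)
    {
        // A fragment, if present, must stay at the very end of the URL.
        int hash = destination.IndexOf('#');
        string fragment = hash >= 0 ? destination.Substring(hash) : "";
        if (hash >= 0) destination = destination.Substring(0, hash);

        string separator = "&";                    // existing params, e.g. ?idpid=...
        if (destination.IndexOf('?') < 0)
            separator = "?";                       // no query string yet
        else if ("?&".IndexOf(destination[destination.Length - 1]) >= 0)
            separator = "";                        // query already open, nothing to add
        // EscapeDataString also escapes the '+', '/' and '=' that base64 produces.
        return destination + separator + Uri.EscapeDataString(name) + "="
             + Uri.EscapeDataString(value) + fragment;
    }

    public static void Main()
    {
        // Constructed sample values, not taken from a real IdP or from the issue.
        string request = EncodeRequest("<samlp:AuthnRequest ID=\"_constructed\" />");
        foreach (var sso in new[] { "https://idp.example/SSO.saml2?idpid=constructed-guid",
                                    "https://idp.example/SSO.saml2" })
            Console.WriteLine(AppendParameter(sso, "SAMLRequest", request));
    }
}
```

For signed redirect requests, the signature input is only the `SAMLRequest`, `RelayState` and `SigAlg` parameters in that order, so the destination's own parameters such as `idpid` stay outside it.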