PicketLink / PLINK-396

IDPWebBrowserSSOValve and IDPFilter are decoding the relaystate


Details

    • Bug
    • Resolution: Done
    • Major
    • PLINK_2.6.0.CR2
    • None
    • SAML
    • None

    Description

      The AbstractIDPBrowserValve and IDPFilter are decoding the relaystate.
      Per 5.1.2 of the SAML spec: "If the IdP received a RelayState value from the SP, it must return it unmodified to the SP in a hidden form control named RelayState."
      http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline

      The relevant code change is in methods:
      populateSessionWithSAMLParameters()
      handleUnauthorizedResponse()

      if (isNotNull(relayState)) {
          relayState = RedirectBindingUtil.urlDecode(relayState);
      }
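
The effect of that extra decode on the round trip, as an added example (not PicketLink code). It assumes RedirectBindingUtil.urlDecode behaves like a standard UTF-8 URL decode and that the IdP already holds the parameter value as decoded once by the servlet container; the class name and the sample RelayState values are constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class RelayStateRoundTrip {

    // Stand-in for the extra decode quoted in the issue. Assumption:
    // RedirectBindingUtil.urlDecode is equivalent to a UTF-8 URL decode.
    static String extraDecode(String relayState) {
        return URLDecoder.decode(relayState, StandardCharsets.UTF_8); // Java 10+
    }

    // What SAML 5.1.2 asks of the IdP: hand the value back untouched.
    static String passThrough(String relayState) {
        return relayState;
    }

    static String describe(String received, String returned) {
        return String.format("  returned  : %s%n  unmodified: %b",
                returned, received.equals(returned));
    }

    public static void main(String[] args) {
        // Constructed samples: RelayState as the IdP sees it after the
        // container has decoded the request parameter once.
        List<String> samples = List.of(
                "https://sp.example.org/app?next=%2Freports%3Fid%3D7", // nested encoding
                "b64+token/with+plus==",                               // opaque token with '+'
                "discount=100%");                                      // bare '%'

        for (String received : samples) {
            System.out.println("received    : " + received);

            System.out.println(" with extra decode");
            try {
                System.out.println(describe(received, extraDecode(received)));
            } catch (IllegalArgumentException e) {
                // A '%' that does not start a valid escape makes the decode fail outright.
                System.out.println("  decode failed: " + e.getMessage());
            }

            System.out.println(" with pass-through");
            System.out.println(describe(received, passThrough(received)));
            System.out.println();
        }
    }
}
```

An SP that uses RelayState as an opaque lookup key or as a signed or encoded token will not recognise the altered value when the response comes back.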

          People

            anil.saldhana Anil Saldanha (Inactive)