Handle missing or modified RelayState during SAML authentication #5607

Closed
@jmpesp

Description

If a SAML login is IDP initiated (or SP initiated but the IDP eats our RelayState and supplies their own), then we can't expect RelayState to be properly set, but our current code in login_saml returns a 500 if it doesn't match our format:

        let relay_state =
            if let Some(value) = relay_state_string {
                // Any decoding failure is mapped to an internal error, so a
                // RelayState the IDP replaced with its own value surfaces as a 500.
                Some(RelayState::from_encoded(value).map_err(|e| {
                    HttpError::for_internal_error(format!("{}", e))
                })?)
            } else {
                // A missing RelayState is already tolerated.
                None
            };

We should instead probably continue with the rest of the function, as it's a bad user experience for them to see a 500 when they log in from their IDP.
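As an added illustration (not omicron's code), the following Rust shows the strict handling described above next to a lenient variant that treats a missing or unparseable RelayState as "no relay state" and continues the login. The `RelayState` type, its `v1:<local path>` encoding, the `HttpError` enum and both handler helpers are stand-ins constructed for this example; the real project's types differ. Because the value arrives from the IDP, the example also refuses a referer that is not a local path, so a replaced RelayState can only ever fall back to the default landing page rather than redirect elsewhere.

```rust
use std::fmt;

/// Stand-in for the project's RelayState (constructed for this example).
#[derive(Debug, PartialEq)]
pub struct RelayState {
    /// Local path to send the user back to after login, if any.
    pub referer: Option<String>,
}

#[derive(Debug, PartialEq)]
pub struct RelayStateError(String);

impl fmt::Display for RelayStateError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}", self.0)
    }
}

impl RelayState {
    /// Assumed encoding for this example: "v1:" followed by an optional
    /// site-local path. Anything else (including an IDP-supplied opaque
    /// token) is rejected as unparseable.
    pub fn from_encoded(value: &str) -> Result<RelayState, RelayStateError> {
        let rest = value
            .strip_prefix("v1:")
            .ok_or_else(|| RelayStateError(format!("unexpected RelayState format: {value:?}")))?;
        if rest.is_empty() {
            return Ok(RelayState { referer: None });
        }
        // Only accept a local absolute path; "//host" would be a
        // protocol-relative redirect to another origin.
        if !rest.starts_with('/') || rest.starts_with("//") {
            return Err(RelayStateError(format!("referer must be a local path: {rest:?}")));
        }
        Ok(RelayState { referer: Some(rest.to_string()) })
    }
}

/// Minimal stand-in for the handler's HTTP error type.
#[derive(Debug, PartialEq)]
pub enum HttpError {
    InternalError(String),
}

/// Before: the behaviour the issue describes. A present-but-unparseable
/// RelayState aborts the login with an internal (500) error.
pub fn relay_state_strict(
    relay_state_string: Option<&str>,
) -> Result<Option<RelayState>, HttpError> {
    relay_state_string
        .map(|value| {
            RelayState::from_encoded(value)
                .map_err(|e| HttpError::InternalError(e.to_string()))
        })
        .transpose()
}

/// After: a missing or unparseable RelayState is logged and treated as
/// absent, so the rest of the login flow proceeds with the default landing page.
pub fn relay_state_lenient(relay_state_string: Option<&str>) -> Option<RelayState> {
    let value = relay_state_string?;
    match RelayState::from_encoded(value) {
        Ok(state) => Some(state),
        Err(e) => {
            // In a real handler this would go to the request log.
            eprintln!("ignoring RelayState that does not match our format: {e}");
            None
        }
    }
}

fn main() {
    // An IDP-initiated login arrives with the IDP's own opaque RelayState.
    let idp_value = Some("idp-supplied-opaque-token");
    println!("strict:  {:?}", relay_state_strict(idp_value));
    println!("lenient: {:?}", relay_state_lenient(idp_value));
    println!("ours:    {:?}", relay_state_lenient(Some("v1:/projects/demo")));
}
```

The lenient helper only decides whether a usable referer exists; the caller still runs the rest of the SAML validation (signature, audience, conditions) exactly as before, since RelayState carries no authentication value of its own.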
