Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle missing or modified RelayState during SAML authentication #5607

Open
jmpesp opened this issue Apr 23, 2024 · 0 comments
Open

Handle missing or modified RelayState during SAML authentication #5607

jmpesp opened this issue Apr 23, 2024 · 0 comments
Milestone
9

Comments

@jmpesp
Copy link
Contributor

jmpesp commented Apr 23, 2024

If a SAML login is IDP initiated (or SP initiated but the IDP eats our RelayState and supplies their own), then we can't expect RelayState to be properly set, but our current code in login_saml returns a 500 if it doesn't match our format:

        let relay_state =
            if let Some(value) = relay_state_string {
                Some(RelayState::from_encoded(value).map_err(|e| {
                    HttpError::for_internal_error(format!("{}", e))
                })?)
            } else {
                None
            };

We should instead probably continue with the rest of the function, as it's a bad user experience for them to see a 500 when the log in from their IDP.
@jmpesp jmpesp changed the title Handle missing RelayState during SAML authentication Handle missing or modified RelayState during SAML authentication Apr 23, 2024
@askfongjojo askfongjojo added this to the 9 milestone May 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
9
Development

No branches or pull requests
2 participants
@jmpesp @askfongjojo