Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle missing or modified RelayState during SAML authentication #5607

Closed
jmpesp opened this issue Apr 23, 2024 · 0 comments · Fixed by #6537
Closed

Handle missing or modified RelayState during SAML authentication #5607

jmpesp opened this issue Apr 23, 2024 · 0 comments · Fixed by #6537
Assignees
Milestone

Comments

@jmpesp
Copy link
Contributor

jmpesp commented Apr 23, 2024

If a SAML login is IDP initiated (or SP initiated but the IDP eats our RelayState and supplies their own), then we can't expect RelayState to be properly set, but our current code in login_saml returns a 500 if it doesn't match our format:

        let relay_state =
            if let Some(value) = relay_state_string {
                Some(RelayState::from_encoded(value).map_err(|e| {
                    HttpError::for_internal_error(format!("{}", e))
                })?)
            } else {
                None
            };

We should instead probably continue with the rest of the function, as it's a bad user experience for them to see a 500 when the log in from their IDP.

@jmpesp jmpesp changed the title Handle missing RelayState during SAML authentication Handle missing or modified RelayState during SAML authentication Apr 23, 2024
@askfongjojo askfongjojo added this to the 9 milestone May 10, 2024
@morlandi7 morlandi7 modified the milestones: 9, 10 Jun 27, 2024
@morlandi7 morlandi7 modified the milestones: 10, 11 Sep 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants