Closed subtonez closed 9 years ago
Version 0.13.0.0. Looks to be in Kentor.AuthServices.WebSso.Saml2RedirectBinding.Bind()
Around lines 30-31: `var redirectUri = new Uri(destinationUrl.ToString()`
Should check if there are already any parameters in the URL, and if so, use an ampersand (&) instead of a question-mark (?)
This is a known bug, see #132.
Current behavior is that SAMLRequest is assumed to be the only URL parameter and is appended with a question-mark (?). However, if the destinationUrl for an identityProvider has a parameter in it already, then SAMLRequest needs to be appended with an ampersand (&). Otherwise the URL is invalid.
For example, pingOne uses
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=XXXXXX
for their service where idpid represents the SP in their system. The authservices library appends the SAMLRequest to this with a question mark like the following
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=XXXXXX?SAMLRequest=XXXXXXX
when it should be
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=XXXXXX&SAMLRequest=XXXXXXX
This is in the web.config usage
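
An added example, not code from Kentor.AuthServices: one way to append SAMLRequest so that a destination URL which already has a query string stays valid. The class and method names, the sample request XML and the idp.example.com URL are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;

static class RedirectUrlExample   // hypothetical name, not part of the library
{
    // HTTP-Redirect binding encoding: raw DEFLATE, then base64, then URL-encoding.
    static string EncodeSamlRequest(string xml)
    {
        using (var output = new MemoryStream())
        {
            using (var deflate = new DeflateStream(output, CompressionMode.Compress, true))
            {
                var bytes = Encoding.UTF8.GetBytes(xml);
                deflate.Write(bytes, 0, bytes.Length);
            }   // disposing the DeflateStream flushes the final block
            return Uri.EscapeDataString(Convert.ToBase64String(output.ToArray()));
        }
    }

    // Adds name=value, keeping any query string and fragment already on the URL.
    static Uri AppendQueryParameter(Uri destination, string name, string encodedValue)
    {
        var builder = new UriBuilder(destination);
        // Query is "" or starts with '?'; strip it so the setter never doubles it.
        var existing = builder.Query.TrimStart('?').TrimEnd('&');
        var parameter = name + "=" + encodedValue;
        builder.Query = existing.Length == 0 ? parameter : existing + "&" + parameter;
        return builder.Uri;
    }

    static void Main()
    {
        // Constructed sample request; a real AuthnRequest carries more attributes.
        var value = EncodeSamlRequest("<samlp:AuthnRequest ID=\"id1\" Version=\"2.0\" />");
        var destinations = new[]
        {
            "https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=XXXXXX",
            "https://idp.example.com/sso",   // constructed: no existing query string
        };
        foreach (var d in destinations)
        {
            Console.WriteLine(AppendQueryParameter(new Uri(d), "SAMLRequest", value).AbsoluteUri);
        }
    }
}
```

The first URL comes out with `?idpid=XXXXXX&SAMLRequest=...` and the second with `?SAMLRequest=...`, so the identity provider receives exactly one query string in both cases.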