Sustainsys / Saml2

Saml2 Authentication services for ASP.NET

When using a parameter in identityProvider destination URL, SAMLRequest needs to use ampersand(&) to append to URL #282

Closed subtonez closed 9 years ago

subtonez commented 9 years ago

Current behavior is that SAMLRequest is assumed to be the only URL parameter and is appended with a question-mark (?). However, if the destinationUrl for an identityProvider has a parameter in it already, then SAMLRequest needs to be appended with an ampersand (&). Otherwise the URL is invalid.

For example, PingOne uses `https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=XXXXXX` for their service, where idpid represents the SP in their system. The authservices library appends the SAMLRequest to this with a question mark, like the following: `https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=XXXXXX?SAMLRequest=XXXXXXX`, when it should be `https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=XXXXXX&SAMLRequest=XXXXXXX`.

This is in the web.config usage

subtonez commented 9 years ago

Version 0.13.0.0. Looks to be in `Kentor.AuthServices.WebSso.Saml2RedirectBinding.Bind()`.

Around lines 30-31: `var redirectUri = new Uri(destinationUrl.ToString()`

Should check if there are already any parameters in the URL, and if so, use an ampersand (&) instead of a question-mark (?)

AndersAbel commented 9 years ago

This is a known bug, see #132.
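The check requested in this issue, sketched as an added example; it is not code from this thread or from the library, and it is not the project's actual fix. `RedirectUrlExample`, `AppendSamlRequest` and the sample request value are hypothetical names and constructed data.

```csharp
using System;

// Added illustration; not Kentor.AuthServices / Sustainsys.Saml2 source code.
static class RedirectUrlExample
{
    // Hypothetical helper: appends SAMLRequest to an IdP destination URL,
    // keeping any query parameters the URL already carries.
    public static Uri AppendSamlRequest(Uri destinationUrl, string base64SamlRequest)
    {
        var builder = new UriBuilder(destinationUrl);

        // UriBuilder.Query returns the existing query including its leading '?'.
        // Strip it (and any dangling '&') before joining, so the result never
        // contains "??" or "&&".
        string existing = builder.Query.TrimStart('?').TrimEnd('&');

        // Base64 output contains '+', '/' and '=', which must be percent-encoded
        // or the IdP will decode a different value than the SP sent.
        string samlParam = "SAMLRequest=" + Uri.EscapeDataString(base64SamlRequest);

        // '&' when the destination already has parameters, otherwise the
        // parameter becomes the whole query and UriBuilder supplies the '?'.
        builder.Query = existing.Length == 0
            ? samlParam
            : existing + "&" + samlParam;

        return builder.Uri;
    }

    static void Main()
    {
        // Constructed placeholder, not a real deflated AuthnRequest.
        const string request = "fZJNT8Mw+DIb/0=";

        var destinations = new[]
        {
            // Destination URL from the issue report (already has idpid).
            "https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=XXXXXX",
            // Constructed destination with no existing query string.
            "https://idp.example.com/sso"
        };

        foreach (var destination in destinations)
            Console.WriteLine(AppendSamlRequest(new Uri(destination), request).AbsoluteUri);
    }
}
```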