Defining Default Relay State in Okta causes server error in Craft when logging in via Okta interface.

flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS

https://saml-sp.flipboxfactory.com/

Other

19 stars 5 forks source link

Defining Default Relay State in Okta causes server error in Craft when logging in via Okta interface. #120

Closed samput closed 3 years ago

samput commented 3 years ago

Creating a new issue here as I'm having the same problems as mentioned in in this issue.

When logging in via the Okta interface, after a successful login we want users to redirect to to /admin rather than the base URL.

If Default Relay State is defined in Okta, I get an internal server error from Craft ERR_HTTP2_PROTOCOL_ERROR when trying to login via the Okta interface.

If logging in manually via /admin everything works as expected.

dsmrt commented 3 years ago

👋 @samput

To be clear, does sso login work ok when the default relay state is not defined?

samput commented 3 years ago

@dsmrt yep that's right, sso works when default relay state is not defined in Okta.

dsmrt commented 3 years ago

Ok, I'm not sure if this is the issue, but try base 64'ing the default relay state. The plugin base 64's the relay state string on the way out and expects to decode it on the way back in. So, if the default relay state is /admin, then use L2FkbWlu (I think that is right).

samput commented 3 years ago

@dsmrt Yep base64 encoding the url works, thanks!