browser-client-SAMLResponse: Parse response query string to get SAMLResponse key value pair - Githubissues

mmmorris1975 / aws-runas

aws-runas rewritten in Go

MIT License

87 stars 20 forks source link

browser-client-SAMLResponse: Parse response query string to get SAMLResponse key value pair #106

Closed NemindaPiyasena closed 1 year ago

NemindaPiyasena commented 1 year ago

Previously SAMLResponse=xxxx key value pair was selected from the POST request response data. It looked for a return of a SAMLResponse=xxxx examining the browser events.
This approach works fine until the browser response doesn't send any other data in the response.
But some SAML providers sends out other information like RelayState=xxxx. If this key value pair is in the response after the SAMLResponse=xxxx , the captured string from the browser events would look like SAMLResponse=xxxx&RelayState=xxxx. This would result in a base64 decoding error becase of the & character.
Made changes to capture only the SAMLResponse=xxxx key value pair using regex.

mmmorris1975 commented 1 year ago

Thank you for taking the time to make this contribution. Since the payload you are seeing is starting to look like a URL query string, would it make more sense to do something like:

qs, err := url.ParseQuery(ev.Request.PostData)
if err != nil {
    c.Logger.Errorf("Error parsing SAMLResponse: %v", err)
    return
}
escsaml := qs.Get("SAMLResponse")

I think either approach will work, but wanted to propose an alternative to see if one feels like a better solution compared to the other. For what we're trying to accomplish here, I don't see a clear preference for how this is addressed.

NemindaPiyasena commented 1 year ago

Hi @mmmorris1975

Thank you for your input. Parsing as a query string makes more sense in the context. I have made the changes accordingly.

mmmorris1975 commented 1 year ago

Thanks again for taking time to make aws-runas better! I'll work on getting this added in a new release