SX Spring Security Extension / SES-50

Support SAML RelayState containing Target URI when processing IdP-Initiated SSO

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: saml-1.0.0
    • Fix Version/s: saml-1.0.0.RC1
    • Component/s: saml
    • Labels: None
    • Environment: All

      Description

      The SAML extension works as expected for IdP Initiated SSO with the exception that it does not respect a target-uri contained in the RelayState of the unsolicited Assertion. This means that applications using this method of authentication will always start on the 'defaultTargetURI' page defined in context.

      I worked around this by updating SAMLProcessingFilter to add the relay state to the request:

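      // Inside SAMLProcessingFilter, once the SAML message context is available
      if (samlMessageContext.getRelayState() != null) {
          String relayState = samlMessageContext.getRelayState();
          logger.debug("Saving SAML RelayState in Request attribute: " + relayState);
          // Only expose the RelayState when it passes the target-URL check
          if (isTargetUrl(relayState)) {
              request.setAttribute(SAML_RELAYSTATE_TARGET_URL_ATTRIBUTE, relayState);
          }
      }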

      Then a custom AuthenticationSuccessHandler can obtain the URI from the request attributes, if set, and redirect accordingly.

      I'm sure there is a better way to do this, but I could not find any other place where the RelayState was immediately available.
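
A sketch of the success handler the workaround calls for, added here as an example and not taken from the issue or from the extension's code. The class name, the attribute value and the isLocalPath check are assumptions; RelayState in an unsolicited response is sender-controlled, so the handler only follows it when it is a path inside the application and otherwise falls back to the configured default target.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

// Hypothetical handler name; wire it in as the filter's authentication success handler.
public class RelayStateSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    // Assumed value: the issue names this constant but does not show what it is set to.
    public static final String SAML_RELAYSTATE_TARGET_URL_ATTRIBUTE = "samlRelayStateTargetUrl";

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        Object attr = request.getAttribute(SAML_RELAYSTATE_TARGET_URL_ATTRIBUTE);
        if (attr instanceof String && isLocalPath((String) attr)) {
            return (String) attr;
        }
        // No RelayState, or one that was rejected: use the configured default target.
        return super.determineTargetUrl(request, response);
    }

    // Accept only a path within this application. Absolute URLs, scheme-relative
    // URLs ("//host/...") and backslash variants are rejected so the login flow
    // cannot be turned into a redirect to another site.
    static boolean isLocalPath(String target) {
        if (target.isEmpty() || target.length() > 2048) {
            return false;
        }
        if (!target.startsWith("/") || target.startsWith("//") || target.indexOf('\\') >= 0) {
            return false;
        }
        try {
            URI uri = new URI(target); // also rejects control characters and malformed escapes
            return !uri.isAbsolute() && uri.getAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }
}
```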

            People

            • Assignee: vsch Vladimir Schäfer
            • Reporter: wblackburn William Blackburn