From 23627081c82e4550635c2e6f728905cf11ddda49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= <clement@oodo.net>
Date: Wed, 29 Jan 2014 15:48:44 +0000
Subject: [PATCH] Specific query string method to be compatible with buggy ADFS
 URL encoding (#677)

---
 .../lib/Lemonldap/NG/Portal/_SAML.pm          | 30 +++++++++++++++++--
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
index 53b0a2b8e..59690fc62 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@@ -435,7 +435,7 @@ sub checkMessage {
             if ( $self->param('SAMLResponse') ) {
 
                 # Response in query string
-                $response = $self->query_string();
+                $response = $self->getQueryString();
                 $self->lmLog( "HTTP-REDIRECT: SAML Response $response",
                     'debug' );
 
@@ -444,7 +444,7 @@ sub checkMessage {
             if ( $self->param('SAMLRequest') ) {
 
                 # Request in query string
-                $request = $self->query_string();
+                $request = $self->getQueryString();
                 $self->lmLog( "HTTP-REDIRECT: SAML Request $request", 'debug' );
 
             }
@@ -452,7 +452,7 @@ sub checkMessage {
             if ( $self->param('SAMLart') ) {
 
                 # Artifact in query string
-                $artifact = $self->query_string();
+                $artifact = $self->getQueryString();
                 $self->lmLog( "HTTP-REDIRECT: SAML Artifact $artifact",
                     'debug' );
 
@@ -2989,6 +2989,26 @@ sub sendSLOErrorResponse {
     return $self->sendLogoutResponseToServiceProvider( $logout, $method );
 }
 
+## @method string getQueryString()
+# Return query string with or without CGI query_string() method
+# @return query string
+sub getQueryString {
+    my ($self) = splice @_;
+
+    my $query_string;
+
+    if ( $self->{samlUseQueryStringSpecific} ) {
+        my @pairs = split( /&/, $ENV{'QUERY_STRING'} );
+        $query_string = join( ';', @pairs );
+
+    }
+    else {
+        $query_string = $self->query_string();
+    }
+
+    return $query_string;
+}
+
 1;
 
 __END__
@@ -3346,6 +3366,10 @@ Find and delete SAML sessions bounded to a primary session
 
 Send an SLO error response
 
+=head2 getQueryString
+
+Get query string with or without CGI query_string() method
+
 =head1 SEE ALSO
 
 L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>