Clearing all hidden form values was a mistake as it breaks SAML when the redirection URL contains a query string. We should keep existing hidden fields. In the context of OIDC request, we clear them before redirection to avoid #2085
This commit is contained in:
parent
827d06cded
commit
33a5496e55
|
@ -707,10 +707,7 @@ sub run {
|
||||||
$session_state
|
$session_state
|
||||||
);
|
);
|
||||||
|
|
||||||
$self->logger->debug("Redirect user to $response_url");
|
return $self->_redirectToUrl($req, $response_url);
|
||||||
$req->urldc($response_url);
|
|
||||||
|
|
||||||
return PE_REDIRECT;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Implicit Flow
|
# Implicit Flow
|
||||||
|
@ -780,10 +777,7 @@ sub run {
|
||||||
$session_state
|
$session_state
|
||||||
);
|
);
|
||||||
|
|
||||||
$self->logger->debug("Redirect user to $response_url");
|
return $self->_redirectToUrl($req, $response_url);
|
||||||
$req->urldc($response_url);
|
|
||||||
|
|
||||||
return PE_REDIRECT;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Hybrid Flow
|
# Hybrid Flow
|
||||||
|
@ -885,9 +879,7 @@ sub run {
|
||||||
$session_state
|
$session_state
|
||||||
);
|
);
|
||||||
|
|
||||||
$self->logger->debug("Redirect user to $response_url");
|
return $self->_redirectToUrl($req, $response_url);
|
||||||
$req->urldc($response_url);
|
|
||||||
return PE_REDIRECT;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$self->logger->debug("None flow has been selected");
|
$self->logger->debug("None flow has been selected");
|
||||||
|
@ -969,9 +961,7 @@ sub run {
|
||||||
$self->buildLogoutResponse( $post_logout_redirect_uri,
|
$self->buildLogoutResponse( $post_logout_redirect_uri,
|
||||||
$state );
|
$state );
|
||||||
|
|
||||||
$self->logger->debug("Redirect user to $response_url");
|
return $self->_redirectToUrl($req, $response_url);
|
||||||
$req->urldc($response_url);
|
|
||||||
return PE_REDIRECT;
|
|
||||||
}
|
}
|
||||||
return $req->param('confirm') == 1
|
return $req->param('confirm') == 1
|
||||||
? ( $err ? $err : PE_LOGOUT_OK )
|
? ( $err ? $err : PE_LOGOUT_OK )
|
||||||
|
@ -2323,4 +2313,15 @@ sub _generateIDToken {
|
||||||
return $self->createIDToken( $id_token_payload_hash, $rp );
|
return $self->createIDToken( $id_token_payload_hash, $rp );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub _redirectToUrl {
|
||||||
|
my ($self, $req, $response_url) = @_;
|
||||||
|
|
||||||
|
# We must clear hidden form fields saved from the request (#2085)
|
||||||
|
$self->p->clearHiddenFormValue($req);
|
||||||
|
$self->logger->debug("Redirect user to $response_url");
|
||||||
|
$req->urldc($response_url);
|
||||||
|
|
||||||
|
return PE_REDIRECT;
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
@ -524,19 +524,20 @@ sub buildOutgoingHiddenForm {
|
||||||
my ( $self, $req, $method ) = @_;
|
my ( $self, $req, $method ) = @_;
|
||||||
my @keys = keys %{ $req->{portalHiddenFormValues} };
|
my @keys = keys %{ $req->{portalHiddenFormValues} };
|
||||||
|
|
||||||
# Redirection URL contains query string. Before displaying a form,
|
if ( lc $method eq 'get' ) {
|
||||||
# we must set the query string parameters as form fields so they can
|
my $uri = URI->new( $req->{urldc} );
|
||||||
# be preserved #2085
|
my %query_params = $uri->query_form;
|
||||||
|
|
||||||
my $uri = URI->new( $req->{urldc} );
|
# Redirection URL contains query string. Before displaying a form,
|
||||||
my %query_params = $uri->query_form;
|
# we must set the query string parameters as form fields so they can
|
||||||
if (%query_params) {
|
# be preserved #2085
|
||||||
$self->logger->debug(
|
if (%query_params) {
|
||||||
|
$self->logger->debug(
|
||||||
"urldc contains query parameters, setting them as hidden form values"
|
"urldc contains query parameters, setting them as hidden form values"
|
||||||
);
|
);
|
||||||
$self->clearHiddenFormValue($req);
|
foreach ( keys %query_params ) {
|
||||||
foreach ( keys %query_params ) {
|
$self->setHiddenFormValue( $req, $_, $query_params{$_}, "", 0 );
|
||||||
$self->setHiddenFormValue( $req, $_, $query_params{$_}, "", 0 );
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user