Luis-3M opened a new issue, #6427:
URL: https://github.com/apache/cloudstack/issues/6427
##### ISSUE TYPE
* Bug Report
##### COMPONENT NAME
~~~
SAML SSO plugin
~~~
##### CLOUDSTACK VERSION
~~~
LATEST ->
https://github.com/apache/cloudstack/blame/main/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java#L153
~~~
##### CONFIGURATION
SAML SSO plugin activated.
##### OS / ENVIRONMENT
N/A
##### SUMMARY
Google's IdP URL already contains a query param, thus this line of code will
create a malformed redirect URL.
https://github.com/apache/cloudstack/blame/main/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java#L153
Example of google's IdP URL:
`https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXXX`
##### STEPS TO REPRODUCE
- Enable and configure SAML SSO plugin2 using Google as the IdP.
- Access the UI and attempt to login via Single Sign-On
You should now face an Invalid Request error.
##### EXPECTED RESULTS
Users should be redirected to Google's login portal thus completing the
authentication flow.
##### ACTUAL RESULTS
~~~
Malformed URL:
https://accounts.google.com/o/saml2/idp?idpid=<ID>?SAMLRequest=<SAMLRequest>
~~~
~~~
Expected URL:
https://accounts.google.com/o/saml2/idp?idpid=<ID>&SAMLRequest=<SAMLRequest>
~~~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
