Hi folks,
Here's a pac4j bug that affects Knox use cases:
Any query parameter(s) set in an idp-metadata file, as part of the
HTTP-Redirect Location, are dropped from the resulting URL. For example, if
this was in your idp-metadata file, the query parameter 'qp' would not
appear in the resulting URL:
<md:SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="http://some-host/some-path?qp=thisWouldBeDropped"/>
Here's the PR: https://github.com/pac4j/pac4j/pull/1339
Thanks,
Jason
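
An added example, not part of the original message and not pac4j or Knox code: a Python check that finds HTTP-Redirect SingleSignOnService Locations carrying their own query string in an idp-metadata file, builds the redirect URL with those parameters kept, and reports any that a generated URL has lost. The function names, the sample metadata (including its entityID) and the SAMLRequest value are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata, modelled on the element quoted in the message.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://some-host/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://some-host/some-path?qp=thisWouldBeDropped"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://some-host/some-path"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def redirect_locations_with_query(metadata_xml):
    """Return HTTP-Redirect SSO Locations that carry their own query string."""
    # For metadata from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(metadata_xml)
    hits = []
    for sso in root.iter("{%s}SingleSignOnService" % MD_NS):
        # strip() tolerates a Location value that was wrapped onto a new line.
        location = sso.get("Location", "").strip()
        if sso.get("Binding") == REDIRECT and urlsplit(location).query:
            hits.append(location)
    return hits


def build_redirect_url(location, saml_params):
    """Append SAML message parameters while keeping the Location's own query."""
    parts = urlsplit(location)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(saml_params.items())
    return urlunsplit(parts._replace(query=urlencode(query)))


def lost_parameters(location, redirect_url):
    """Return names of Location query parameters missing from a redirect URL."""
    wanted = parse_qsl(urlsplit(location).query, keep_blank_values=True)
    present = parse_qsl(urlsplit(redirect_url).query, keep_blank_values=True)
    return [name for name, value in wanted if (name, value) not in present]
```

Running `lost_parameters` against the redirect URL captured from a browser or proxy log shows whether a given deployment still drops the parameters.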