I wonder if this is related to https://issues.apache.org/jira/browse/KNOX-1355 On the surface looks like it is talking about redirects and url parameters. No idea if it is actually the same issue.
Kevin Risden On Thu, Jul 11, 2019 at 6:58 PM larry mccay <[email protected]> wrote: > Hi Jason - > > Thank you for tracking this down and providing a PR for it! > I've commented on the PR itself and am copying Jérôme on this thread. > > @Jérôme - Heads up - we are currently on 3.7 and will need to get a version > with this fix, I think. > > Thanks again, Jason! > > --larry > > On Thu, Jul 11, 2019 at 6:53 PM Jason Wang <[email protected]> > wrote: > > > Hi folks, > > > > Here's a pac4j bug that effects Knox use cases: > > > > Any query parameter(s) set in an idp-metadata file, as part of the > > HTTP-Redirect Location, are dropped from the resulting URL. For example, > if > > this was in your idp-metadata file, the query parameter 'qp' would not > > appear in the resulting URL: > > > > <md:SingleSignOnService > > Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=" > > http://some-host/some-path?qp=thisWouldBeDropped"/> > > > > Here's the PR: https://github.com/pac4j/pac4j/pull/1339 > > > > Thanks, > > Jason > > >
