[
https://issues.apache.org/jira/browse/GUACAMOLE-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16858855#comment-16858855
]
Michael Jumper commented on GUACAMOLE-808:
------------------------------------------
Using the "state" parameter sounds like a reasonable solution, but this will
need to be done carefully. It would need to be guaranteed that the application
state stored within "state" (in this case the user's requested in-application
path) cannot be manipulated externally, perhaps by cryptographically tying that
state to the nonce.
> Support redirecting to originally requested URL after successful OpenID login
> -----------------------------------------------------------------------------
>
> Key: GUACAMOLE-808
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-808
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole, guacamole-auth-openid
> Affects Versions: 1.0.0
> Reporter: Parth Mishra
> Priority: Minor
>
> Upon successful authentication via OIDC, the user is returned to the redirect
> URI (e.g. "https://myserver.com/guacamole/") even if they were requesting
> another Guacamole resource such as a Connection link. It would be nice if the
> user could be routed to the requested resource after successful
> authentication.
> This way, if they were to click a direct link to a guacamole Connection they
> have access to, the successful authentication via the IDP can reroute them
> directly to the requested connection URL rather than the guacamole UI.
> Typically this is done with encoding the request URL with the "state"
> parameter of OIDC and verifying with the nonce.
>
> This feature could be really useful for relying on custom frontends without
> having to modify or reimplement the web app.
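One way to tie the path carried in "state" to the nonce, as the comment above suggests, is an HMAC under a server-side key; this is an added example, not code from Guacamole or from this thread. The class and method names and the sample nonce and path are constructed, and it assumes the nonce passed to `decode` is the one taken from the already validated ID token.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper for illustration; not part of guacamole-auth-openid.
public class BoundState {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // HMAC-SHA256 over nonce and path; the length prefix keeps the two fields unambiguous.
    static byte[] tag(byte[] key, String nonce, String path) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        String msg = nonce.length() + ":" + nonce + path;
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Value sent as "state": base64url(path) "." base64url(tag).
    static String encode(byte[] key, String nonce, String path) throws Exception {
        return ENC.encodeToString(path.getBytes(StandardCharsets.UTF_8))
                + "." + ENC.encodeToString(tag(key, nonce, path));
    }

    // Returns the requested path only if the tag verifies for this nonce; otherwise "/".
    static String decode(byte[] key, String nonce, String state) {
        try {
            int dot = state.indexOf('.');
            String path = new String(DEC.decode(state.substring(0, dot)), StandardCharsets.UTF_8);
            byte[] given = DEC.decode(state.substring(dot + 1));
            if (!MessageDigest.isEqual(tag(key, nonce, path), given)) return "/";
            // Defense in depth: accept in-application paths only, never another origin.
            boolean local = path.startsWith("/") && !path.startsWith("//") && !path.contains("\\");
            return local ? path : "/";
        } catch (Exception e) {
            return "/"; // malformed or missing state falls back to the default page
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);           // server-side secret, never sent to the browser
        String nonce = "constructed-nonce-123";      // constructed sample value
        String state = encode(key, nonce, "/#/client/constructed-id"); // constructed path
        System.out.println(decode(key, nonce, state));                 // same nonce as in the ID token
        System.out.println(decode(key, "different-nonce", state));     // state replayed with another nonce
        System.out.println(decode(key, nonce, "Ly9vdGhlci5leGFtcGxlLw" + state.substring(state.indexOf('.'))));
    }
}
```

The third call swaps in a different base64url path while keeping the old tag, so verification fails and the default path is returned.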