[ 
https://issues.apache.org/jira/browse/GUACAMOLE-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091144#comment-18091144
 ] 

David Bateman commented on GUACAMOLE-808:
-----------------------------------------

Ok, with openid storing the redirection in a session manager is relatively 
easy. The redirection can be obtained from 
credientals.getRequest().getPathInfo()

At this point it seems that this is no authentication provider that performs 
redirection after login. And as the method authenticateUser returns an 
authenticatedUser object and with no where to return the redirection. So this 
leaves me with the question of at what level to abstract the redirection...

The authenticateUser methods are called from 
AuthenticationService.getAuthenticatedUser for all authentication providers in 
order. So its probably better to treat the redirection in AuthenticationService 
or above, though in that case it also needs access to the original credentials 
to be able to recover credentials.getRequest().getPathInfo().. So confirming 
this is the case for all authentication providers
 * The abstract class org.apache.guacamole.net.auth.AuthenticatedUser defines 
the getCredentials functions that the authentication providers must implement
 * SSOAuthenticatedUser includes implements the getCredentials method for all 
SSO classes
 * RemoteAuthenticatedUser in the JDBC base class also implements this for all 
JDBC classes

So the credentials are already available in AuthenticatedUser, and we can 
recover the user requested page after successful login.

The easiest way to then do the redirection to the original page for **all** 
authentication providers, would be in 
org.apache.guacamole.net.event.AuthenticationSuccessEvent to check 
authenticateduser.getCredentials().getRequest().getPathInfo() and perform the 
redirection.. No changes are needed in the extensions themselves only in the 
base guacamole-ext... [~vnick] are you ok with me proposing a global change of 
this type ? Should it be to staging/1.6.1 or main ? It should only be a few 
lines of code I imagine 

> Support redirecting to originally requested URL after successful SSO login
> --------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-808
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-808
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole, guacamole-auth-sso-cas, 
> guacamole-auth-sso-openid, guacamole-auth-sso-saml
>            Reporter: Parth Mishra
>            Priority: Minor
>
> Upon successful authentication via OIDC, the user is returned to the redirect 
> URI (e.g. {{https://myserver.com/guacamole/}}) even if they were requesting 
> another Guacamole resource such as a Connection link. It would be nice if the 
> user could be routed to the requested resource after successful 
> authentication.
> This way, if they were to click a direct link to a guacamole Connection they 
> have access too, the successful authentication via the IDP can reroute them 
> directly to the requested connection URL rather than the guacamole UI. 
> Typically this is done with encoding the request URL with the "state" 
> parameter of OIDC and verifying with the nonce. 
> This feature could be really useful for relying on custom frontends without 
> having to modify or reimplement the web app.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to