[
https://issues.apache.org/jira/browse/GUACAMOLE-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091144#comment-18091144
]
David Bateman commented on GUACAMOLE-808:
-----------------------------------------
Ok, with openid storing the redirection in a session manager is relatively
easy. The redirection can be obtained from
credientals.getRequest().getPathInfo()
At this point it seems that this is no authentication provider that performs
redirection after login. And as the method authenticateUser returns an
authenticatedUser object and with no where to return the redirection. So this
leaves me with the question of at what level to abstract the redirection...
The authenticateUser methods are called from
AuthenticationService.getAuthenticatedUser for all authentication providers in
order. So its probably better to treat the redirection in AuthenticationService
or above, though in that case it also needs access to the original credentials
to be able to recover credentials.getRequest().getPathInfo().. So confirming
this is the case for all authentication providers
* The abstract class org.apache.guacamole.net.auth.AuthenticatedUser defines
the getCredentials functions that the authentication providers must implement
* SSOAuthenticatedUser includes implements the getCredentials method for all
SSO classes
* RemoteAuthenticatedUser in the JDBC base class also implements this for all
JDBC classes
So the credentials are already available in AuthenticatedUser, and we can
recover the user requested page after successful login.
The easiest way to then do the redirection to the original page for **all**
authentication providers, would be in
org.apache.guacamole.net.event.AuthenticationSuccessEvent to check
authenticateduser.getCredentials().getRequest().getPathInfo() and perform the
redirection.. No changes are needed in the extensions themselves only in the
base guacamole-ext... [~vnick] are you ok with me proposing a global change of
this type ? Should it be to staging/1.6.1 or main ? It should only be a few
lines of code I imagine
> Support redirecting to originally requested URL after successful SSO login
> --------------------------------------------------------------------------
>
> Key: GUACAMOLE-808
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-808
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole, guacamole-auth-sso-cas,
> guacamole-auth-sso-openid, guacamole-auth-sso-saml
> Reporter: Parth Mishra
> Priority: Minor
>
> Upon successful authentication via OIDC, the user is returned to the redirect
> URI (e.g. {{https://myserver.com/guacamole/}}) even if they were requesting
> another Guacamole resource such as a Connection link. It would be nice if the
> user could be routed to the requested resource after successful
> authentication.
> This way, if they were to click a direct link to a guacamole Connection they
> have access too, the successful authentication via the IDP can reroute them
> directly to the requested connection URL rather than the guacamole UI.
> Typically this is done with encoding the request URL with the "state"
> parameter of OIDC and verifying with the nonce.
> This feature could be really useful for relying on custom frontends without
> having to modify or reimplement the web app.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)