[ 
https://issues.apache.org/jira/browse/GUACAMOLE-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091818#comment-18091818
 ] 

David Bateman commented on GUACAMOLE-808:
-----------------------------------------

I implement the above in a [commit to my PR 
#1219|[https://github.com/apache/guacamole-client/pull/1219/changes/ba50fd1f0bb80ac0e2e07a7003353d5d8cae03fa].]
 This works fine for the scenario above and redirects to the original page 
after authentication, though there are a couple of things to note

 
 * I added the code to the JDBC to also respect the redirection as this case is 
trival, though I have checked that it works
 * For the SSO extensions, I promoted the Session Manager to the SSO base 
class, but only used it in the openid extension. It would probably be cleaner 
to instantiate and track the redirection in the base class, though this would 
be much more instrusive, because
 ** The SSOAuthenticationProviderService would need to become a real class 
rather than an interface, authenticateUser should only be in the base class to 
deal with the session manager and redirection --> The authenticateUser methods 
in the other classes should be renamed and called from this method
 ** The session Manager can only to defered and resumed one per call. So the 
exception GuacamoleInvalidCredentials would need to be caught in the base class 
to allow the session manager to be defered correctly
 * If you logout and refresh the page the code works, If you push the 
APP.ACTION_LOGIN_AGAIN button then the javascript 

{code:java}
    $scope.reAuthenticate = function reAuthenticate() {
        $scope.reAuthenticating = true;

        // Clear out URL state to conveniently bring user back to home screen
        // upon relogin
        if ($location.path() !== '/')
            $location.url('/');
        else
            $route.reload();
    }; {code}
          is run. If we really want to keep the redirections for the login 
again button this js should just reload

 

[~vnick]  can you comment on this commit, and my statements above ?

> Support redirecting to originally requested URL after successful SSO login
> --------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-808
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-808
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole, guacamole-auth-sso-cas, 
> guacamole-auth-sso-openid, guacamole-auth-sso-saml
>            Reporter: Parth Mishra
>            Priority: Minor
>
> Upon successful authentication via OIDC, the user is returned to the redirect 
> URI (e.g. {{https://myserver.com/guacamole/}}) even if they were requesting 
> another Guacamole resource such as a Connection link. It would be nice if the 
> user could be routed to the requested resource after successful 
> authentication.
> This way, if they were to click a direct link to a guacamole Connection they 
> have access too, the successful authentication via the IDP can reroute them 
> directly to the requested connection URL rather than the guacamole UI. 
> Typically this is done with encoding the request URL with the "state" 
> parameter of OIDC and verifying with the nonce. 
> This feature could be really useful for relying on custom frontends without 
> having to modify or reimplement the web app.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to