[
https://issues.apache.org/jira/browse/GUACAMOLE-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091818#comment-18091818
]
David Bateman commented on GUACAMOLE-808:
-----------------------------------------
I implement the above in a [commit to my PR
#1219|[https://github.com/apache/guacamole-client/pull/1219/changes/ba50fd1f0bb80ac0e2e07a7003353d5d8cae03fa].]
This works fine for the scenario above and redirects to the original page
after authentication, though there are a couple of things to note
* I added the code to the JDBC to also respect the redirection as this case is
trival, though I have checked that it works
* For the SSO extensions, I promoted the Session Manager to the SSO base
class, but only used it in the openid extension. It would probably be cleaner
to instantiate and track the redirection in the base class, though this would
be much more instrusive, because
** The SSOAuthenticationProviderService would need to become a real class
rather than an interface, authenticateUser should only be in the base class to
deal with the session manager and redirection --> The authenticateUser methods
in the other classes should be renamed and called from this method
** The session Manager can only to defered and resumed one per call. So the
exception GuacamoleInvalidCredentials would need to be caught in the base class
to allow the session manager to be defered correctly
* If you logout and refresh the page the code works, If you push the
APP.ACTION_LOGIN_AGAIN button then the javascript
{code:java}
$scope.reAuthenticate = function reAuthenticate() {
$scope.reAuthenticating = true;
// Clear out URL state to conveniently bring user back to home screen
// upon relogin
if ($location.path() !== '/')
$location.url('/');
else
$route.reload();
}; {code}
is run. If we really want to keep the redirections for the login
again button this js should just reload
[~vnick] can you comment on this commit, and my statements above ?
> Support redirecting to originally requested URL after successful SSO login
> --------------------------------------------------------------------------
>
> Key: GUACAMOLE-808
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-808
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole, guacamole-auth-sso-cas,
> guacamole-auth-sso-openid, guacamole-auth-sso-saml
> Reporter: Parth Mishra
> Priority: Minor
>
> Upon successful authentication via OIDC, the user is returned to the redirect
> URI (e.g. {{https://myserver.com/guacamole/}}) even if they were requesting
> another Guacamole resource such as a Connection link. It would be nice if the
> user could be routed to the requested resource after successful
> authentication.
> This way, if they were to click a direct link to a guacamole Connection they
> have access too, the successful authentication via the IDP can reroute them
> directly to the requested connection URL rather than the guacamole UI.
> Typically this is done with encoding the request URL with the "state"
> parameter of OIDC and verifying with the nonce.
> This feature could be really useful for relying on custom frontends without
> having to modify or reimplement the web app.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)