Keycloak / KEYCLOAK-13962

SAML2 Identity Provider - During login phase, SamlAuthenticationPreprocessors are not taken into account to produce an appropriate destination url

    Details

    • Steps to Reproduce:
      • Define a SamlAuthenticationPreprocessor that modifies the request's destinationUrl (for instance, by adding a query parameter to the URL).
      • When the request is posted, this new URL will not be used.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Problem

      During a SAML login, the `destinationUrl` used to post the SAML request is not affected by the `org.keycloak.protocol.saml.preprocessor.SamlAuthenticationPreprocessor`.

      If a SAML preprocessor modifies a destination url, the request should be posted accordingly.

      Solution

      When posting the SAML request, use the destination url available on the request itself and not a variable defined earlier.

      Pull request

      https://github.com/keycloak/keycloak/pull/7007
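
The pattern behind this report, as an added example that is not Keycloak's code or the code from the pull request: it shows how a destination captured before the preprocessors run diverges from the one carried on the request. `AuthnRequest` and `Preprocessor` are simplified, hypothetical stand-ins for the SAML request object and the `SamlAuthenticationPreprocessor` hook, and the URL and query parameter are constructed sample values.

```java
import java.net.URI;
import java.util.List;

public class DestinationDemo {
    // Simplified stand-in for the SAML AuthnRequest; only the Destination attribute is modelled.
    static final class AuthnRequest {
        private URI destination;
        AuthnRequest(URI destination) { this.destination = destination; }
        URI getDestination() { return destination; }
        void setDestination(URI destination) { this.destination = destination; }
    }

    // Simplified stand-in for a SamlAuthenticationPreprocessor hook.
    interface Preprocessor {
        AuthnRequest beforeSendingLoginRequest(AuthnRequest request);
    }

    // Behaviour described under "Problem": the URL is captured before the preprocessors run.
    static URI postTargetBefore(URI configuredSsoUrl, List<Preprocessor> preprocessors) {
        URI destinationUrl = configuredSsoUrl;
        AuthnRequest request = new AuthnRequest(configuredSsoUrl);
        for (Preprocessor p : preprocessors) {
            request = p.beforeSendingLoginRequest(request);
        }
        return destinationUrl; // stale: ignores any change made by a preprocessor
    }

    // Behaviour described under "Solution": read the destination from the request itself.
    static URI postTargetAfter(URI configuredSsoUrl, List<Preprocessor> preprocessors) {
        AuthnRequest request = new AuthnRequest(configuredSsoUrl);
        for (Preprocessor p : preprocessors) {
            request = p.beforeSendingLoginRequest(request);
        }
        URI fromRequest = request.getDestination();
        // Assumption of this example: fall back to the configured URL if the attribute was cleared.
        return fromRequest != null ? fromRequest : configuredSsoUrl;
    }

    public static void main(String[] args) {
        URI sso = URI.create("https://idp.example.test/sso"); // constructed sample value
        Preprocessor addParam = r -> {
            r.setDestination(URI.create(r.getDestination() + "?tenant=a")); // constructed parameter
            return r;
        };
        System.out.println("before fix: " + postTargetBefore(sso, List.of(addParam)));
        System.out.println("after fix:  " + postTargetAfter(sso, List.of(addParam)));
    }
}
```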


              People

              • Assignee:
                hmlnarik Hynek Mlnařík
                Reporter:
                looorent Lorent Lempereur