Use default return url if relay state is null

- If Idp is configured to use relaystate as return url and there is no relay state it is better to use the default return url than to fail - Fixes #1381
Sustainsys · Sep 18, 2023 · 05febb4 · 05febb4
1 parent 9bc332d
commit 05febb4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 13 deletions.
diff --git a/Sustainsys.Saml2/WebSSO/AcsCommand.cs b/Sustainsys.Saml2/WebSSO/AcsCommand.cs
@@ -118,7 +118,7 @@ private static Uri GetLocation(StoredRequestState storedRequestState, IdentityPr
             else
             { //When IDP-Initiated
 
-                if (identityProvider.RelayStateUsedAsReturnUrl)
+                if (identityProvider.RelayStateUsedAsReturnUrl && !string.IsNullOrWhiteSpace(relayState))
                 {
                     if (!PathHelper.IsLocalWebUrl(relayState))
                     {
@@ -160,14 +160,6 @@ private static CommandResult ProcessResponse(
                 }
             }
 
-            if (identityProvider.RelayStateUsedAsReturnUrl)
-            {
-                if (relayState == null)
-                {
-                    throw new ConfigurationErrorsException(RelayStateMissing);
-                }
-            }
-
             options.SPOptions.Logger.WriteInformation("Successfully processed SAML response " 
                 + samlResponse.Id.Value + " and authenticated " 
                 + principal.FindFirst(ClaimTypes.NameIdentifier)?.Value);

diff --git a/Tests/Tests.Shared/WebSSO/AcsCommandTests.cs b/Tests/Tests.Shared/WebSSO/AcsCommandTests.cs
@@ -749,7 +749,11 @@ public void AcsCommand_Run_UsesIdpFromNotification()
             actual.Principal.Claims.First().Issuer.Should().Be("https://other.idp.example.com");
         }
 
-        private void RelayStateAsReturnUrl(string relayState, IOptions options, [CallerMemberName] string caller = null)
+        private void RelayStateAsReturnUrl(
+            string relayState, 
+            IOptions options,
+            string expectedReturnUrl = null,
+            [CallerMemberName] string caller = null)
         {
             if(string.IsNullOrEmpty(caller))
             {
@@ -809,7 +813,7 @@ private void RelayStateAsReturnUrl(string relayState, IOptions options, [CallerM
             };
 
             new AcsCommand().Run(r, options)
-                .Location.OriginalString.Should().Be(relayState);
+                .Location.OriginalString.Should().Be(expectedReturnUrl ?? relayState);
         }
 
         [TestMethod]
@@ -821,8 +825,7 @@ public void AcsCommand_Run_WithRelayStateUsedAsReturnUrl_Success()
         [TestMethod]
         public void AcsCommand_Run_WithRelayStateUsedAsReturnUrl_Missing()
         {
-            this.Invoking(t => t.RelayStateAsReturnUrl(null, StubFactory.CreateOptions()))
-                .Should().Throw<ConfigurationErrorsException>();
+            RelayStateAsReturnUrl(null, StubFactory.CreateOptions(), "https://localhost/returnUrl");
         }
 
         [TestMethod]