From 05febb49d68657ac8554e4295ac0423673f2a352 Mon Sep 17 00:00:00 2001
From: Anders Abel
Date: Mon, 18 Sep 2023 13:58:23 +0200
Subject: [PATCH] Use default return url if relay state is null
- If Idp is configured to use relaystate as return url and there is no relay state it is better to use the default return url than to fail
- Fixes #1381
---
 Sustainsys.Saml2/WebSSO/AcsCommand.cs | 10 +---------
 Tests/Tests.Shared/WebSSO/AcsCommandTests.cs | 11 +++++++----
 2 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/Sustainsys.Saml2/WebSSO/AcsCommand.cs b/Sustainsys.Saml2/WebSSO/AcsCommand.cs
index e66273237..c64a6c258 100644
--- a/Sustainsys.Saml2/WebSSO/AcsCommand.cs
+++ b/Sustainsys.Saml2/WebSSO/AcsCommand.cs
@@ -118,7 +118,7 @@ private static Uri GetLocation(StoredRequestState storedRequestState, IdentityPr
 else
 {
 //When IDP-Initiated
- if (identityProvider.RelayStateUsedAsReturnUrl)
+ if (identityProvider.RelayStateUsedAsReturnUrl && !string.IsNullOrWhiteSpace(relayState))
 {
 if (!PathHelper.IsLocalWebUrl(relayState))
 {
@@ -160,14 +160,6 @@ private static CommandResult ProcessResponse(
 }
 }
- if (identityProvider.RelayStateUsedAsReturnUrl)
- {
- if (relayState == null)
- {
- throw new ConfigurationErrorsException(RelayStateMissing);
- }
- }
-
 options.SPOptions.Logger.WriteInformation("Successfully processed SAML response " + samlResponse.Id.Value + " and authenticated " + principal.FindFirst(ClaimTypes.NameIdentifier)?.Value);
diff --git a/Tests/Tests.Shared/WebSSO/AcsCommandTests.cs b/Tests/Tests.Shared/WebSSO/AcsCommandTests.cs
index b8c40d3b4..787ab3b3f 100644
--- a/Tests/Tests.Shared/WebSSO/AcsCommandTests.cs
+++ b/Tests/Tests.Shared/WebSSO/AcsCommandTests.cs
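Review bot: In the `@@ -118,7 +118,7 @@` hunk of `AcsCommand.cs`, the widened condition `!string.IsNullOrWhiteSpace(relayState)` sends empty and whitespace-only RelayState values down the fallback path as well, although the commit message and the adjusted test speak only of null. The `PathHelper.IsLocalWebUrl` open-redirect check still runs for every non-blank value, so this looks safe provided the fallback branch (outside this hunk) only ever yields the configured default return URL; that is worth confirming. I would document the intent above the condition: `// Blank/missing RelayState: use the default return URL. Any supplied value must still pass IsLocalWebUrl.` Because the `ConfigurationErrorsException` removed in the `@@ -160,14 +160,6 @@` hunk was the only signal of an IdP that omits RelayState, a log entry on the fallback would keep that misconfiguration visible, if a logger is reachable from `GetLocation`. `GetLocation` starts and ends outside the hunk.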
@@ -749,7 +749,11 @@ public void AcsCommand_Run_UsesIdpFromNotification()
 actual.Principal.Claims.First().Issuer.Should().Be("https://other.idp.example.com");
 }
- private void RelayStateAsReturnUrl(string relayState, IOptions options, [CallerMemberName] string caller = null)
+ private void RelayStateAsReturnUrl(
+ string relayState,
+ IOptions options,
+ string expectedReturnUrl = null,
+ [CallerMemberName] string caller = null)
 {
 if(string.IsNullOrEmpty(caller))
 {
@@ -809,7 +813,7 @@ private void RelayStateAsReturnUrl(string relayState, IOptions options, [CallerM
 };
 new AcsCommand().Run(r, options)
- .Location.OriginalString.Should().Be(relayState);
+ .Location.OriginalString.Should().Be(expectedReturnUrl ?? relayState);
 }
 [TestMethod]
@@ -821,8 +825,7 @@ public void AcsCommand_Run_WithRelayStateUsedAsReturnUrl_Success()
 [TestMethod]
 public void AcsCommand_Run_WithRelayStateUsedAsReturnUrl_Missing()
 {
- this.Invoking(t => t.RelayStateAsReturnUrl(null, StubFactory.CreateOptions()))
- .Should().Throw();
+ RelayStateAsReturnUrl(null, StubFactory.CreateOptions(), "https://localhost/returnUrl");
 }
 [TestMethod]
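Review bot: In the `@@ -821,8 +825,7 @@` hunk, `AcsCommand_Run_WithRelayStateUsedAsReturnUrl_Missing` exercises only `null`, while the production guard in `GetLocation` is `!string.IsNullOrWhiteSpace(relayState)`, so the empty-string and whitespace-only paths into the fallback are untested. Sibling cases such as `RelayStateAsReturnUrl("", StubFactory.CreateOptions(), "https://localhost/returnUrl");` and one with `" "` would pin that behaviour, assuming the helper's middle section (outside the visible hunks) copes with a non-null blank value. The literal `"https://localhost/returnUrl"` is presumably the default return URL configured by `StubFactory`; a one-line comment saying so, e.g. `// default return URL from StubFactory options`, would keep the expectation from looking arbitrary.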