You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are porting an old SAML implementation from PHP over to Go, and so far this library has worked great. I have reused the middleware logic and mixed with our own to satisfy the multi-tenant setup we have.
The issue I'm running into now is our old setup used a few query strings in the ACS URL Location, and we need to maintain that for compatibility. With the library and go, unfortunately, it organizes the query string in alphabetical order and looks for an exact match URL with query strings, and if not matching, it fails. So even if the URL is the same, but the query string appear in a different order, the destination validation fails.
Would you be open to a PR that either:
Removes the query string as part of the ACS Location / Destination validation and ignores the query string
Removes the query string and verifies the rest of the url. Then additionally validates the query string, regardless of order
We are porting an old SAML implementation from PHP over to Go, and so far this library has worked great. I have reused the middleware logic and mixed with our own to satisfy the multi-tenant setup we have.
The issue I'm running into now is our old setup used a few query strings in the ACS URL Location, and we need to maintain that for compatibility. With the library and go, unfortunately, it organizes the query string in alphabetical order and looks for an exact match URL with query strings, and if not matching, it fails. So even if the URL is the same, but the query string appear in a different order, the destination validation fails.
Would you be open to a PR that either:
saml/service_provider.go
Lines 869 to 873 in 34930b2
The text was updated successfully, but these errors were encountered: