The relay state is transferred to keycloak in an HTTP GET. It seems to
be urlencoded by the library that I'm using. The parameter looks like
"RelayState=http%3A%2F%2Fportal-simulator%2Fprotected.php".
On Fri, Jun 5, 2015 at 12:21 PM, Bill Burke <bburke(a)redhat.com> wrote:
How is the relay state transferred? POST or Redirect GET? How is it
encoded?
On 6/5/2015 2:43 AM, pubudu gunawardena wrote:
> Quoting from section "3.1.1 Use of RelayState" in the spec
> (https://www.oasis-open.org/committees/download.php/35387/sstc-saml-bindin...),
>
> "Namely, if a SAML request message is accompanied by RelayState data,
> then the SAML responder MUST return its SAML protocol response using a
> binding that also supports a RelayState mechanism, and it MUST place
> the exact RelayState data it received with the request into the
> corresponding RelayState parameter in the response."
>
> which is not the case if keycloak is removing the forward slashes from
> the RelayState. So I think there should be a mechanism to escape the
> RelayState data and yet return the data to the Service Provider
> unmodified.
>
> On Thu, Jun 4, 2015 at 5:43 PM, pubudu gunawardena <pubudupg(a)gmail.com> wrote:
>> After debugging found a possible cause for this. In line 305 of
>> SAML2BindingBuilder2 there is code as following
>>
>> escapeAttribute(relayState)
>>
>> which removes the forward slashes from the url. So I guess this is a bug?
>>
>>> On Thu, Jun 4, 2015 at 5:14 PM, pubudu gunawardena <pubudupg(a)gmail.com> wrote:
>>> Hi All,
>>>
>>> I am trying to use the OneLogin php-saml library[1] as a service
>>> provider that uses keycloak as a SAML identity provider. The
>>> "RelayState" parameter is sent properly from the SP to the IDP but in
>>> the response, the forward slashes are missing from the RelayState.
>>> For example in the post parameters of the authentication request, the
>>> RelayState shows "http://phpsaml/demo1/" but in the response from
>>> keycloak, it shows "http:phpsamldemo1". This is causing the php-saml
>>> library to throw exceptions. I'm using keycloak 1.2.0.Final.
>>>
>>> How can I overcome this problem?
>>>
>>>
>>> [1] https://github.com/onelogin/php-saml
>>>
>>> --
>>> Thanks,
>>> Pubudu
>>
>>
>>
>> --
>> Thanks,
>> Pubudu
>
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
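
An added example, not code from Keycloak or php-saml: a Python model of the HTTP-POST binding form, showing that output-encoding RelayState for the HTML attribute lets the SP receive it exactly as sent, while a character-stripping filter reproduces the `http:phpsamldemo1` symptom reported in this thread. `strip_sanitize`, the form layout, the ACS URL and the SAMLResponse value are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

def strip_sanitize(value):
    # Hypothetical filter modelling the reported symptom: it drops characters
    # it considers unsafe instead of encoding them.
    return "".join(c for c in value if c.isalnum() or c in ":.-_")

def encode_attribute(value):
    # Output-encode for a double-quoted HTML attribute; nothing is removed.
    return html.escape(value, quote=True)

def post_binding_form(relay_state, encoder):
    # Auto-submit form an IdP returns for the HTTP-POST binding.
    # The ACS URL and SAMLResponse value are constructed placeholders.
    return (
        '<form method="post" action="https://sp.example/acs">'
        '<input type="hidden" name="SAMLResponse" value="PHNhbWxwOlJlc3BvbnNlLz4="/>'
        f'<input type="hidden" name="RelayState" value="{encoder(relay_state)}"/>'
        "</form>"
    )

class FormFields(HTMLParser):
    # Collects name/value pairs of <input> elements, decoding character
    # references in attribute values the way a browser does before submitting.
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and "name" in attrs:
            self.fields[attrs["name"]] = attrs.get("value", "")

def relay_state_seen_by_sp(relay_state, encoder):
    parser = FormFields()
    parser.feed(post_binding_form(relay_state, encoder))
    parser.close()
    return parser.fields.get("RelayState")

if __name__ == "__main__":
    # Constructed inputs: the URL from the thread plus one with HTML metacharacters.
    for sent in ("http://phpsaml/demo1/", 'http://phpsaml/demo1/?a=1&b="><x>'):
        for encoder in (strip_sanitize, encode_attribute):
            got = relay_state_seen_by_sp(sent, encoder)
            print(f"{encoder.__name__:16} sent={sent!r} got={got!r} exact={got == sent}")
```

With `encode_attribute` the markup characters stay inert inside the form and the SP still gets the exact RelayState that section 3.1.1 requires; with `strip_sanitize` the value is altered before it ever reaches the SP.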