Description:
The AbstractIDPBrowserValve and IDPFilter are decoding the RelayState. Per section 5.1.2 of the SAML spec: "If the IdP received a RelayState value from the SP, it must return it unmodified to the SP in a hidden form control named RelayState." http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline

The relevant code change is in the methods populateSessionWithSAMLParameters() and handleUnauthorizedResponse():

if (isNotNull(relayState)) { relayState = RedirectBindingUtil.urlDecode(relayState); }
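The effect of the extra decode on a RelayState round trip, as an added example that is not part of the original issue or the project's code. It assumes the servlet container has already decoded the query parameter once and that RedirectBindingUtil.urlDecode behaves like java.net.URLDecoder.decode with UTF-8; the class name, method names and sample values are constructed for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;

public class RelayStateRoundTrip {

    // Assumed stand-in for the container's single decode of the query string.
    static String containerDecode(String raw) throws Exception {
        return URLDecoder.decode(raw, "UTF-8");
    }

    // Behaviour reported in this issue: a second decode of the parameter.
    // Assumption: RedirectBindingUtil.urlDecode acts like URLDecoder.decode.
    static String idpExtraDecode(String param) throws Exception {
        return param != null ? URLDecoder.decode(param, "UTF-8") : null;
    }

    // What section 5.1.2 asks for: hand back exactly what was received.
    static String idpUnmodified(String param) {
        return param;
    }

    static void check(String spValue) throws Exception {
        String received = containerDecode(URLEncoder.encode(spValue, "UTF-8"));
        String returned;
        try {
            returned = idpExtraDecode(received);
        } catch (IllegalArgumentException e) {
            returned = "<decode failed: " + e.getMessage() + ">";
        }
        System.out.println("SP sent       : " + spValue);
        System.out.println("extra decode  : " + returned
                + " (unmodified=" + spValue.equals(returned) + ")");
        System.out.println("no decode     : " + idpUnmodified(received)
                + " (unmodified=" + spValue.equals(idpUnmodified(received)) + ")");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the issue.
        check("token=a+b%2Fc&return=%2Fapp%3Fid%3D7"); // silently altered
        check("discount=50%off");                        // second decode throws
    }
}
```

The first value comes back as `token=a b/c&return=/app?id=7`, so an SP that compares or parses its own state sees different data; the second makes the extra decode throw on the bare `%`.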