platform(general): Double-Encode URI for RelayState Parameter #6302
@SimOnPanw is this true for every IDP? I am wondering how the initial implementation of this worked (assuming it was tested). Did it ever work?
@mikeurbanski1, Yes, it used to work. I noticed some changes when we changed the landing pages from
Ok. I guess my concern here is whether this fix will be universal. I don't really have a way to test it and my memory for SSO flow details is weak.
…crewio#6302)
* Add URI double encoding for the report url
* fix flake8
* Install urllib3 and update Pipfile and Pipfile.lock
* Install urllib3 and update Pipfile and Pipfile.lock
* delete results.sarif
* Add urllib3 in setup.py
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
This pull request addresses an issue where the Identity Provider (IDP) was stripping information from the RelayState parameter if it was not double-encoded. The change ensures that the URI is correctly double-encoded before being passed as the RelayState parameter, thus preserving the full URI information.
Testing:
Verified that the double-encoded URI is correctly passed as the RelayState parameter.
Confirmed that the IDP retains the full information of the RelayState parameter without stripping any part of the URI.
Checklist:
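
The behaviour described in this pull request, shown as an added example that is not part of the PR or the project's code. The endpoint, the report URL and both IdP models are constructed assumptions: the page does not say how the IdP strips the value, so the example models an IdP that percent-decodes the query string one extra time before parsing it.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed sample values (assumptions, not taken from the PR).
LOGIN_ENDPOINT = "https://idp.example.com/sso/login"
REPORT_URL = "https://app.example.com/reports/view?repo=org/repo&branch=main#findings"


def build_login_url(report_url: str, double_encode: bool) -> str:
    """Attach report_url to the login URL as the RelayState query parameter."""
    relay_state = quote(report_url, safe="")       # first pass: ':' -> %3A, '&' -> %26
    if double_encode:
        relay_state = quote(relay_state, safe="")  # second pass: '%' -> %25
    return f"{LOGIN_ENDPOINT}?RelayState={relay_state}"


def idp_single_decode(login_url: str) -> str:
    """Hypothetical IdP that parses the query string once, as a standard parser does."""
    return parse_qs(urlsplit(login_url).query)["RelayState"][0]


def idp_extra_decode(login_url: str) -> str:
    """Hypothetical IdP that percent-decodes the raw query before parsing it,
    so delimiters hidden inside RelayState become live '&' and '#' characters."""
    predecoded = unquote(urlsplit(login_url).query)
    query_only = predecoded.split("#", 1)[0]       # a decoded '#' starts a fragment
    return parse_qs(query_only)["RelayState"][0]   # a decoded '&' starts a new parameter


if __name__ == "__main__":
    for double in (False, True):
        url = build_login_url(REPORT_URL, double)
        print(f"double_encode={double}")
        print("  extra-decode IdP :", idp_extra_decode(url))
        print("  single-decode IdP:", idp_single_decode(url))
```

With the extra-decoding model, the single-encoded value loses everything from `&branch` onward, while the double-encoded value arrives intact. With the single-decoding model, the double-encoded value arrives still percent-encoded once, so the consumer of RelayState has to decode it before use; this is the case to check when asking whether the change holds for every IdP.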