Updated SAML ACS post to retain user session #2996

ssddanbrown · 2021-10-20T12:37:22Z

Session was being lost due to the callback POST request cookies
not being provided due to samesite=lax. This instead adds an additional
hop in the flow to route the request via a GET request so the session is
retained. SAML POST data is stored encrypted in cache via a unique ID
then pulled out straight afterwards, and restored into POST for the SAML
toolkit to validate.

Updated testing to cover.

Fixes #2552

Session was being lost due to the callback POST request cookies not being provided due to samesite=lax. This instead adds an additional hop in the flow to route the request via a GET request so the session is retained. SAML POST data is stored encrypted in cache via a unique ID then pulled out straight afterwards, and restored into POST for the SAML toolkit to validate. Updated testing to cover.

ssddanbrown added 🔧 Maintenance 🏭 Back-End 🚪 Authentication labels Oct 20, 2021

ssddanbrown added this to the Next Feature Release milestone Oct 20, 2021

ssddanbrown self-assigned this Oct 20, 2021

ssddanbrown merged commit fe07cda into master Oct 20, 2021

ssddanbrown deleted the saml2_acs_session branch October 20, 2021 12:38

ssddanbrown mentioned this pull request Oct 20, 2021

After login via SAML, Bookstack redirects to home page instead of original URL #2552

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Updated SAML ACS post to retain user session #2996

Updated SAML ACS post to retain user session #2996

ssddanbrown commented Oct 20, 2021

Updated SAML ACS post to retain user session #2996

Updated SAML ACS post to retain user session #2996

Conversation

ssddanbrown commented Oct 20, 2021