ComponentSpace

Forums



UpdatePathBase interfering with LoginCompletionURL


UpdatePathBase interfering with LoginCompletionURL

Author
Message
trojak3d
trojak3d
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Awaiting Activation
Posts: 1, Visits: 9
Hello, We are working with ComponentSpace.Saml2, Version=3.5.0.0 and are encountering an issue with LoginCompletionUrl.

The issue is that the LoginCompletionUrl is appended to apiBase regardless of whether it’s a relative URL – for example, setting LoginCompletionUrl to “https://example.com/TestApp/Test/”  results in: https://example.com/TestApp/TestAPIhttps://example.com/TestApp/Test/
The only way around this we found was to use a relative path with an extra ‘/’ added at the start - "/../Test/"

The culprit is a method called UpdatePathBase in ComponentSpace.Saml2.Authentication which appends the string to the pathBase. We expect the LoginCompletionUrl to be able to take an absolute path  as in some cases the client might be hosted on a different address in which case a relative URL will not work. We would also expect a relative URL to work without having to add an additional ‘/’ at the start.

The way our app is configured is as follows
Client root hosted on https://example.com/TestApp/Test/
Service root hosted on https://example.com/TestApp/TestAPI/

Here's an example config reflecting our setup:
"SSO": {
   "PartnerName": "https://MiddlewareIdentityProvider",
   "LoginCompletionUrl": "https://example.com/TestApp/Test/",
  },
  "SAML": {
   "$schema": "https://www.componentspace.com/schemas/saml-config-schema-v1.0.json",
   "Configurations": [
    {
      "LocalServiceProviderConfiguration": {
       "Name": "https://MiddlewareServiceProvider",
       "Description": "Middleware Service Provider",
       "AssertionConsumerServiceUrl": "https://example.com/TestApp/TestAPI/SAML/AssertionConsumerService",
       "SingleLogoutServiceUrl": "https://example.com/TestApp/TestAPI/SAML/SingleLogoutService",
       "ArtifactResolutionServiceUrl": "https://example.com/TestApp/TestAPI/SAML/ArtifactResolutionService"
      },
      "PartnerIdentityProviderConfigurations": [
       {
        "Name": "https://MiddlewareIdentityProvider",
        "Description": "Middleware Identity Provider",
        "WantAssertionOrResponseSigned": false,
        "SingleSignOnServiceUrl": "https://exampleIdp.com/SAML/SingleSignOnService",
        "SingleLogoutServiceUrl": "https://exampleIdp.com/SAML/SingleLogoutService",
        "ArtifactResolutionServiceUrl": "https://exampleIdp.com/SAML/ArtifactResolutionService"
       }
      ]
    }
   ]
  }

Many thanks,
Karol


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Thank for pointing this out.

Please contact [email protected] mentioning your forum post. We'll organize a fix and a beta for you to try.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search