Creating AuthRequests with nil RelayState sends empty RelayState URL param #437
Comments
|
We should definitely avoid to generate TX with empty RelayState URL parameters. When we generate the url_string we use the build_query that doesn't add the RelayState parameter if there is no content. but the issue is after that, at the where params has the RelayState value, so if null set a null value for that parameter to request_params. Similar issue happens at LogoutRequest and LogoutResponse @vincentwoo are you able to provide a PR to fix that? Maybe makes sense some refactor. |
|
Scratch last comment, got tests working w/ bundle exec |
shyam-habarakada
pushed a commit
to 10Kft/ruby-saml
that referenced
this issue
May 24, 2018
…ponses with nil RelayState sends empty RelayState URL param
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Doing
OneLogin::RubySaml::Authrequest.new.create(settings, RelayState: nil)still creates an empty RelayState url param. Ideally nil (or perhaps even falsy) RelayState would causeruby-samlto not output a param. This caused an issue for a customer integration recently. SimpleSaml (the PHP library) apparently decided that we had an improperly signed request with the empty param.The text was updated successfully, but these errors were encountered: