We have an SSO solution that uses Shibboleth SSO for SSO authentication to a Confluence wiki site. We've configured Seraph (login.url and link.login.url) to redirect through Shibboleth as follows:
<init-param>
<param-name>login.url</param-name>
<param-value>https://<sp domain>/Shibboleth.sso/Login?target=https://<wiki domain>/wiki?os_destination=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<param-value>https://<sp domain>/Shibboleth.sso/Login?target=https://<wiki domain>/wiki?os_destination=${originalurl}</param-value>
</init-param>
The problem is, the originalurl contains query parameters (e.g https://<wiki domain>/wiki/pages/viewpage.action?title=Home&spaceKey=Space). When this is sent back to the SP, only the ${originalurl} portion is URL encoded. Once the SP decodes the target, the 2nd originalulr query parameter (spaceKey in this example) is interpret as the target's query parameters.
It seems as if i need to url encode the entire target after the originalurl has been encoded (i.e dual encode the originalurl) so original url can survive the SP decode.
How can i handle origianlurl's that contain query parameters?
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.