We have an SSO solution that uses Shibboleth SSO for SSO authentication to a Confluence wiki site. We've configured Seraph (login.url and link.login.url) to redirect through Shibboleth as follows:
<init-param> <param-name>login.url</param-name> <param-value>https://<sp domain>/Shibboleth.sso/Login?target=https://<wiki domain>/wiki?os_destination=${originalurl}</param-value> </init-param> <init-param> <param-name>link.login.url</param-name> <param-value>https://<sp domain>/Shibboleth.sso/Login?target=https://<wiki domain>/wiki?os_destination=${originalurl}</param-value> </init-param>
The problem is, the originalurl contains query parameters (e.g https://<wiki domain>/wiki/pages/viewpage.action?title=Home&spaceKey=Space). When this is sent back to the SP, only the ${originalurl} portion is URL encoded. Once the SP decodes the target, the 2nd originalulr query parameter (spaceKey in this example) is interpret as the target's query parameters.
It seems as if i need to url encode the entire target after the originalurl has been encoded (i.e dual encode the originalurl) so original url can survive the SP decode.
How can i handle origianlurl's that contain query parameters?
Thanks
Have you found a solution?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Join the discussion on interview best practices and common pitfalls. Share your experiences and learn from others in the Atlassian Community.
Share you experiences!Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.