Skip to content
Snippets Groups Projects
Commit 9c75388c authored by Pavel Břoušek's avatar Pavel Břoušek
Browse files

fix(check_saml): perform initial redirect if needed, not based on hostname

previously, JS redirect on initial URL was performed if and only if
the initial page did not redirect to idp hostname;
now it is performed if found in the page
parent 80037f80
No related branches found
No related tags found
No related merge requests found
Pipeline #453219 passed
...@@ -290,19 +290,18 @@ class SAMLChecker: ...@@ -290,19 +290,18 @@ class SAMLChecker:
response = self.curl(url) response = self.curl(url)
response_html = response.read().decode("utf-8") response_html = response.read().decode("utf-8")
response_url = response.url response_url = response.url
if get_host_from_url(response_url) != (
self.hosts[self.args.idp_host] try_response_html, try_response_url = self.js_form_redirect(
if self.args.idp_host in self.hosts response_html, response_url
else self.args.idp_host )
): if try_response_html is None:
response_html, response_url = self.js_form_redirect( if self.args.verbose >= 1:
response_html, response_url print("JS redirect not found on initial page")
) else:
if response_html is None: if self.args.verbose >= 1:
self.finish( print("JS redirect found on initial page")
"Initial URL does not redirect to IdP and JS redirect not detected", response_html = try_response_html
"CRITICAL", response_url = try_response_url
)
return response_html, response_url return response_html, response_url
def send_form(self, url, action, data): def send_form(self, url, action, data):
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment