From 9c75388cc4447accdf0a7fbd903b5f8d91d2b112 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ou=C5=A1ek?= <brousek@ics.muni.cz>
Date: Fri, 31 May 2024 00:37:27 +0200
Subject: [PATCH] fix(check_saml): perform initial redirect if needed, not
 based on hostname

previously, JS redirect on initial URL was performed if and only if
the initial page did not redirect to idp hostname;
now it is performed if found in the page
---
 perun/proxy/utils/nagios/check_saml.py | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/perun/proxy/utils/nagios/check_saml.py b/perun/proxy/utils/nagios/check_saml.py
index da58eb9..2c8929d 100755
--- a/perun/proxy/utils/nagios/check_saml.py
+++ b/perun/proxy/utils/nagios/check_saml.py
@@ -290,19 +290,18 @@ class SAMLChecker:
         response = self.curl(url)
         response_html = response.read().decode("utf-8")
         response_url = response.url
-        if get_host_from_url(response_url) != (
-            self.hosts[self.args.idp_host]
-            if self.args.idp_host in self.hosts
-            else self.args.idp_host
-        ):
-            response_html, response_url = self.js_form_redirect(
-                response_html, response_url
-            )
-            if response_html is None:
-                self.finish(
-                    "Initial URL does not redirect to IdP and JS redirect not detected",
-                    "CRITICAL",
-                )
+
+        try_response_html, try_response_url = self.js_form_redirect(
+            response_html, response_url
+        )
+        if try_response_html is None:
+            if self.args.verbose >= 1:
+                print("JS redirect not found on initial page")
+        else:
+            if self.args.verbose >= 1:
+                print("JS redirect found on initial page")
+            response_html = try_response_html
+            response_url = try_response_url
         return response_html, response_url
 
     def send_form(self, url, action, data):
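Review bot: After this change nothing in the visible code checks that `response_url` is on the expected IdP host, because the comparison against `self.args.idp_host` (resolved through `self.hosts`) is removed together with the `CRITICAL` exit. The method now returns whatever page it landed on, whether or not a JS redirect was found. If the caller goes on to fill in and submit the login form on that page (not visible here; the method starts above the hunk), the check could send the monitoring account's credentials to an unintended host, or fail later with a less specific message. Consider keeping the host check as a post-condition after the optional JS redirect, e.g. `if get_host_from_url(response_url) != expected_host:` followed by `self.finish("Initial URL does not lead to IdP", "CRITICAL")`, with `expected_host` computed as the removed lines did. If some deployments legitimately land elsewhere first, a verbose-level warning that prints the actual host would still help diagnosis.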
-- 
GitLab