From 9a5799bc755e013c7cfccb3f8211cecae1f3df9a Mon Sep 17 00:00:00 2001 From: Tim van Dijen <tvdijen@gmail.com> Date: Fri, 12 Jan 2018 21:33:02 +0100 Subject: [PATCH] Use adfs:wreply parameter when available --- modules/adfs/lib/IdP/ADFS.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php index 965d37739..423539af2 100644 --- a/modules/adfs/lib/IdP/ADFS.php +++ b/modules/adfs/lib/IdP/ADFS.php @@ -9,6 +9,7 @@ class sspmod_adfs_IdP_ADFS $requestid = $query['wctx']; $issuer = $query['wtrealm']; + $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $spMetadata = $metadata->getMetaDataConfig($issuer, 'adfs-sp-remote'); @@ -23,10 +24,11 @@ class sspmod_adfs_IdP_ADFS 'ForceAuthn' => false, 'isPassive' => false, 'adfs:wctx' => $requestid, + 'adfs:wreply' => false ); - if (isset($_GET['wreply']) && !empty($_GET['wreply'])) { - $state['adfs:wreply'] = SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['wreply']); + if (isset($query['wreply']) && !empty($query['wreply'])) { + $state['adfs:wreply'] = SimpleSAML\Utils\HTTP::checkURLAllowed($query['wreply']); } $idp->handleAuthenticationRequest($state); @@ -184,7 +186,8 @@ MSG; $wresult = sspmod_adfs_IdP_ADFS::signResponse($response, $privateKeyFile, $certificateFile); $wctx = $state['adfs:wctx']; - sspmod_adfs_IdP_ADFS::postResponse($spMetadata->getValue('prp'), $wresult, $wctx); + $wreply = $state['adfs:wreply'] ?: $spMetadata->getValue('prp'); + sspmod_adfs_IdP_ADFS::postResponse($wreply, $wresult, $wctx); } public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state) -- GitLab