diff --git a/modules/discojuice/www/discojuice/idpdiscovery.js b/modules/discojuice/www/discojuice/idpdiscovery.js
index b851ece536286cefd58cdfb1e0bd38e6715d167d..0d8a7013b9e918f3883abd264f68119cb7fc41c0 100644
--- a/modules/discojuice/www/discojuice/idpdiscovery.js
+++ b/modules/discojuice/www/discojuice/idpdiscovery.js
@@ -54,46 +54,56 @@ var IdPDiscovery = function() {
 "returnTo": function(e) {
-// console.log('ReturnTo');
-// console.log(e);
-// return;
-
 var returnTo = query['return'] ||Â null;
 var returnIDParam = query.returnIDParam || 'entityID';
+ var allowed = false;
+
 if(!returnTo) {
 DiscoJuice.Utils.log('Missing required parameter [return]');
 return;
 }
- if (acl) {
- var allowed = false;
+ if (!acl) {
+ allowed = true;
+ } else {
+
 var returnToHost = this.getHostname(returnTo);
-// console.log('returnURLs2');
-// console.log(returnURLs);
-
 for (var i = 0; i < returnURLs.length; i++) {
 if (returnURLs[i] == returnToHost) allowed = true;
 }
 if (!allowed) {
+
+ returnTo += '&error=' + encodeURIComponent('IdP Discovery: Access denied. Access not granted to return results to host [' + returnToHost + ']');
+
 DiscoJuice.Utils.log('Access denied for return parameter [' + returnToHost + ']');
 DiscoJuice.Utils.log('Allowed hosts');
 DiscoJuice.Utils.log(returnURLs);
- return;
 }
 }
- if (e && e.auth) {
- returnTo += '&auth=' + e.auth;
- }
+
- if (!e.entityID) {
+ // Return error with access denied.
+ if (!allowed) {
+
+ window.location = returnTo;
+
+ // Return without entity found...
+ } else if (!e.entityID) {
 DiscoJuice.Utils.log('ReturnTo without Entityid');
 DiscoJuice.Utils.log(e);
 window.location = returnTo;
+
+ // Return entityid
 } else {
+
+ if (e && e.auth) {
+ returnTo += '&auth=' + e.auth;
+ }
+
 DiscoJuice.Utils.log('ReturnTo with Entityid');
 window.location = returnTo + '&' + returnIDParam + '=' + escape(e.entityID);
 }
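Review bot: The new `if (!allowed)` branch near the end of the hunk assigns `window.location = returnTo` for a host that has just failed the `returnURLs` comparison, so the ACL no longer prevents navigation to an unlisted `return` URL (the removed `return;` did) and the discovery page can be used as an open redirector. The hunk also shows no scheme check on `returnTo` before it reaches `window.location`; how `getHostname` treats non-http(s) values is not visible here. Keep the denial local: in that branch report the error on the discovery page and `return;` instead of redirecting, and reject any `return` value whose scheme is not `http:` or `https:` before the host comparison. Separately, `'&auth=' + e.auth` is appended unencoded, `escape(e.entityID)` would be better as `encodeURIComponent(e.entityID)`, and `!e.entityID` is evaluated before the `e &&` guard. The `returnTo` handler's body continues past the end of the hunk.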