Ensure AuthnRequest destination URL is not incorrectly formatted

Sustainsys · Sep 26, 2018 · 6388f9e · 6388f9e
1 parent 116a52f
commit 6388f9e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/Sustainsys.Saml2/SAML2P/Saml2RequestBase.cs b/Sustainsys.Saml2/SAML2P/Saml2RequestBase.cs
@@ -102,7 +102,7 @@ protected IEnumerable<XObject> ToXNodes()
 
             if (DestinationUrl != null)
             {
-                yield return new XAttribute("Destination", DestinationUrl);
+                yield return new XAttribute("Destination", DestinationUrl.OriginalString);
             }
 
             if (Issuer != null && !string.IsNullOrEmpty(Issuer.Id))

diff --git a/Tests/Tests.Shared/IdentityProviderTests.cs b/Tests/Tests.Shared/IdentityProviderTests.cs
@@ -46,7 +46,8 @@ public void Cleanup()
         [TestMethod]
         public void IdentityProvider_CreateAuthenticateRequest_DestinationInXml()
         {
-            string idpUri = "http://idp.example.com/";
+            // %41 is A, which doesn't need to be encoded. Ensure it is kept in original format.
+            string idpUri = "http://idp.example.com/x=%41";
 
             var subject = new IdentityProvider(
                 new EntityId(idpUri),