From c2ecf7256dc8332e8508f77a50e9eee9942ef747 Mon Sep 17 00:00:00 2001
From: Steven Wilkin
Date: Thu, 25 Aug 2011 19:50:12 +0100
Subject: [PATCH] handle query string in sso target url correctly
---
 lib/onelogin/saml/authrequest.rb | 3 ++-
 test/request_test.rb | 20 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/lib/onelogin/saml/authrequest.rb b/lib/onelogin/saml/authrequest.rb
index 0260c45a8..b3af98764 100644
--- a/lib/onelogin/saml/authrequest.rb
+++ b/lib/onelogin/saml/authrequest.rb
@@ -20,7 +20,8 @@ def create(settings, params = {})
 deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
 base64_request = Base64.encode64(deflated_request)
 encoded_request = CGI.escape(base64_request)
- request_params = "?SAMLRequest=" + encoded_request
+ params_prefix = (settings.idp_sso_target_url =~ /\?/) ? '&' : '?'
+ request_params = "#{params_prefix}SAMLRequest=#{encoded_request}"
 params.each_pair do |key, value|
 request_params << "&#{key}=#{CGI.escape(value.to_s)}"
diff --git a/test/request_test.rb b/test/request_test.rb
index b2b29af22..fdd070d76 100644
--- a/test/request_test.rb
+++ b/test/request_test.rb
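Review bot: The added `params_prefix` line picks the separator by matching a literal `?` anywhere in `settings.idp_sso_target_url`, so a target URL that carries a fragment (constructed example: `https://idp.example/sso#login`) gets `?SAMLRequest=...` appended after the `#`, and the request never leaves the browser. Testing the parsed query component is more robust, e.g. `params_prefix = URI.parse(settings.idp_sso_target_url).query ? '&' : '?'` (assuming `uri` is loaded), with a URL that has a fragment rejected or handled explicitly. The context line below the change still interpolates `key` unescaped while only the value goes through `CGI.escape`; if keys can ever come from forwarded request data, `"&#{CGI.escape(key.to_s)}=#{CGI.escape(value.to_s)}"` keeps a key from adding extra parameters to the redirect. The body of `create` starts and ends outside this hunk, so the final concatenation with the target URL is not visible here.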
@@ -29,5 +29,25 @@ class RequestTest < Test::Unit::TestCase
 auth_url = Onelogin::Saml::Authrequest.new.create(settings, { :hello => nil })
 assert auth_url =~ /&hello=$/
 end
+
+ context "when the target url doesn't contain a query string" do
+ should "create the SAMLRequest parameter correctly" do
+ settings = Onelogin::Saml::Settings.new
+ settings.idp_sso_target_url = "http://stuff.com"
+
+ auth_url = Onelogin::Saml::Authrequest.new.create(settings)
+ assert auth_url =~ /^http:\/\/stuff.com\?SAMLRequest/
+ end
+ end
+
+ context "when the target url contains a query string" do
+ should "create the SAMLRequest parameter correctly" do
+ settings = Onelogin::Saml::Settings.new
+ settings.idp_sso_target_url = "http://stuff.com?field=value"
+
+ auth_url = Onelogin::Saml::Authrequest.new.create(settings)
+ assert auth_url =~ /^http:\/\/stuff.com\?field=value&SAMLRequest/
+ end
+ end
 end
 end
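Review bot: Both new assertions anchor with `^` and leave the dot in `stuff.com` unescaped, so they match at any line start and accept any character in that position. `\A` and an escaped dot pin the start of the string, e.g. `assert auth_url =~ /\Ahttp:\/\/stuff\.com\?field=value&SAMLRequest=/`. Neither context combines an existing query string with extra `params`, and none covers a target URL that ends in `?` or carries a fragment, which are the inputs where the separator choice is most likely to produce a malformed redirect. The enclosing `context` and `RequestTest` class start outside this hunk.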