Problems when single sign-on service URL contains XML entities
I think I have found a bug while trying to configure mod_auth_saml to
authenticate against an identity provider whose SSO service URL contains
several query parameters separated by ampersands. The metadata I have got
for the IdP contains a line similar to this:
I think it is correct that the ampersands in the URL are encoded using the
&amp; entity to ensure that the XML is valid. However, mod_auth_saml is
redirecting the browser to that URL exactly as written, without
substituting & for &amp;, which is an invalid URL.
I am going to have a go at patching the code to work around this, but I
wanted to shout out first in case anyone has any pointers for me. For
example, is there already something within ZXID which can decode XML
entities? I couldn't see anything at first glance.
Also, should I decode the entities when reading the XML string into the
zx_elem_s structure? Or when reading out of it and forming the Location
HTTP request parameter? I would have said the first option, but there is a
possibility that this will cause problems when the same URL is embedded
into the SAMLRequest parameter - if the metadata is re-created from the
zx_elem_s structure, I will have to re-encode the entities at that point,
which will be more work.
Any advice would be appreciated.
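
One way to do the decoding on the way out, when the Location value is formed, so the stored string stays as it appeared in the metadata. This is an added example, not part of the original post and not ZXID code; `xml_attr_decode` and `xml_ents` are hypothetical names.

```c
#include <ctype.h>
#include <string.h>

static const struct { const char *name; char ch; } xml_ents[] = {
    {"amp;", '&'}, {"lt;", '<'}, {"gt;", '>'}, {"quot;", '"'}, {"apos;", '\''}
};

/* Hypothetical helper, not a ZXID function: decode entity and character
 * references in an XML attribute value, in place. Returns the decoded
 * length, or -1 (buffer contents then unspecified) on a malformed reference
 * or a result outside printable ASCII, e.g. &#13;&#10; aimed at the header. */
int xml_attr_decode(char *s)
{
    const char *in = s;
    char *out = s;                      /* output never overtakes input */
    while (*in) {
        unsigned long c = (unsigned char)*in;
        if (*in != '&') {
            in++;
        } else if (in[1] == '#') {      /* &#NN; or &#xHH; */
            int base = (in[2] == 'x') ? 16 : 10;
            const char *p = in + (base == 16 ? 3 : 2), *start = p;
            for (c = 0; isxdigit((unsigned char)*p) && c < 0x80; p++) {
                int d = isdigit((unsigned char)*p) ? *p - '0'
                      : tolower((unsigned char)*p) - 'a' + 10;
                if (d >= base) return -1;   /* hex letter in a decimal ref */
                c = c * base + d;
            }
            if (p == start || *p != ';') return -1;
            in = p + 1;
        } else {
            size_t i, n = sizeof xml_ents / sizeof xml_ents[0];
            for (i = 0; i < n; i++) {
                size_t len = strlen(xml_ents[i].name);
                if (strncmp(in + 1, xml_ents[i].name, len) == 0) {
                    c = (unsigned char)xml_ents[i].ch;
                    in += 1 + len;
                    break;
                }
            }
            if (i == n) return -1;      /* bare '&' or unknown entity */
        }
        if (c < 0x20 || c > 0x7e) return -1;
        *out++ = (char)c;
    }
    *out = '\0';
    return (int)(out - s);
}
```

A URL that fails the check is better rejected at metadata load than passed to the redirect.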