From 19f62a461b99d1ed1554bde98c6c00c4f332191d Mon Sep 17 00:00:00 2001
From: Wind Li <43080786+windli2018@users.noreply.github.com>
Date: Mon, 13 Jan 2025 20:55:37 +0800
Subject: [PATCH] feat: fix SAML's redirectUrl and POST ProtocolBinding (#3498)

---
 object/saml_idp.go           | 3 +++
 web/src/auth/AuthCallback.js | 2 +-
 web/src/auth/LoginPage.js    | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/object/saml_idp.go b/object/saml_idp.go
index 8da04574..c21b6372 100644
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -338,6 +338,9 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	} else if authnRequest.AssertionConsumerServiceURL == "" {
 		return "", "", "", fmt.Errorf("err: SAML request don't has attribute 'AssertionConsumerServiceURL' in <samlp:AuthnRequest>")
 	}
+	if authnRequest.ProtocolBinding == "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" {
+		method = "POST"
+	}
 
 	_, originBackend := getOriginFromHost(host)
 
diff --git a/web/src/auth/AuthCallback.js b/web/src/auth/AuthCallback.js
index 13bfdf55..da88c46c 100644
--- a/web/src/auth/AuthCallback.js
+++ b/web/src/auth/AuthCallback.js
@@ -204,7 +204,7 @@ class AuthCallback extends React.Component {
               }
               const SAMLResponse = res.data;
               const redirectUri = res.data2.redirectUrl;
-              Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
+              Setting.goToLink(`${redirectUri}${redirectUri.includes("?") ? "&" : "?"}SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
             }
           }
         } else {
diff --git a/web/src/auth/LoginPage.js b/web/src/auth/LoginPage.js
index 0740dedd..01fedcda 100644
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -505,7 +505,7 @@ class LoginPage extends React.Component {
               } else {
                 const SAMLResponse = res.data;
                 const redirectUri = res.data2.redirectUrl;
-                Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
+                Setting.goToLink(`${redirectUri}${redirectUri.includes("?") ? "&" : "?"}SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
               }
             }
           };