I have created a custom AuthenticationInfoPostProcessor service so that I could sent saml_request_path and redirect the authenticated user to the appropriate page. However, after authentication (i.e.after /saml_login request), there are 2 saml_request_path set in the response - one set to the value I'm setting in the custom AuthenticationInfoPostProcessor service and one with a value of null. The saml_request_path with null value redirects to my homepage.
How do I set saml_request_path so that the user is redirected to the appropriate page? How do I prevent the second saml_request_path cookie from being added?
Views
Replies
Total Likes
Hi @ahnc
I had previously worked on a similar requirement. The saml_request_path cookie is originally set in org.apache.sling.auth.core.spi.AuthenticationHandler. So avoid setting it in AuthenticationInfoPostProcessor.
What you can do is create a loginHook which implements AuthenticationHandler and override requestCredentials method. Set your saml_request_path inside this method.
@Override
public boolean requestCredentials(final HttpServletRequest httpServletRequest,
final HttpServletResponse httpServletResponse) throws IOException {
final int expiryTime = 60 * 60 * 60 * 24;
LOGGER.debug("Login hook initialized");
String pagePath = httpServletRequest.getRequestURI();
String queryString = httpServletRequest.getQueryString();
CookieUtil.addCookie(
ServletUtil.createCookie("saml_request_path", pagePath, true, expiryTime, null, "/", false),
httpServletResponse);
return wrappedAuthHandler.requestCredentials(httpServletRequest, httpServletResponse);
}
The above solution worked for me for this exact requirement. Hope it helps you too.
Regards,
Jeevan
Hi @JeevanRaj. Thanks for the suggestion. I implemented the login hook and some logging. I don't see requestCredentials during login. Most of our site does not require login. I assume requestCredentials method is only called when a page requires authentication, correct?
Is there a way to prevent AuthenticationHandler from setting saml_request_path cookie so that I can set it using a different method (e.g. sling request filter)?