
IDP role HTTP-Redirect binding support broken by SameSite LAX cookies filter

    Details

      Description

      The filter converts the HTTP-Redirect binding's GET request into a POST request when it builds an auto-submitting HTML form.

      Steps to reproduce:

      1. Configure portal as SAML IDP
      2. Clear all cookies for portal
      3. Using a SAML SP which supports sending HTTP-Redirect binding Authn Requests (another portal instance is fine), initiate SSO using this binding.

       Expected result: The user lands on the portal/IDP's login screen

       Actual result: Generic SAML processing error is shown on UI

       Tip: If using portal as SP, you can download the portal IDP's SAML metadata and manually remove the HTTP-POST binding ACS support declaration, i.e.

      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://liferaysamlsp.com:8080/c/portal/saml/acs" index="1" isDefault="true"/>

      Save to an .xml file and upload via the portal's IDP connection configuration screen. This will prevent portal from sending HTTP-POST messages to the IDP. It will instead use the other bindings that are declared, which should only be HTTP-Redirect, i.e.

      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://liferaysamlsp.com:8080/c/portal/saml/acs" index="1" isDefault="true"/>
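      The following is an added illustration, not code from the issue or from Liferay. It assumes (as this report does not spell out) that the IdP endpoint chooses its decoder from the HTTP method: HTTP-Redirect payloads are DEFLATE-compressed before base64 encoding, HTTP-POST payloads are not, so a GET replayed as a POST by the SameSite filter is fed to the wrong decoder. All URLs, the AuthnRequest and the function names are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed minimal AuthnRequest; not taken from the issue.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z"/>'
)

def encode_redirect(xml):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoded query."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    return urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def encode_post(xml):
    """HTTP-POST binding: base64 of the XML in a form field, no compression."""
    return {"SAMLRequest": base64.b64encode(xml.encode()).decode()}

def decode_by_binding(method, saml_request):
    """Assumed IdP behaviour: the HTTP method selects the binding decoder."""
    raw = base64.b64decode(saml_request)
    if method == "GET":
        raw = zlib.decompress(raw, -15)  # inflate only for HTTP-Redirect
    return ET.fromstring(raw.decode("utf-8", errors="replace"))

def query_params(url):
    """Query string of a redirect URL as a flat dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def samesite_lax_rewrite(url):
    """Models the filter in this report: a cookieless GET is replayed as an
    auto-submitted POST form carrying the same parameters."""
    return "POST", query_params(url)

def idp_receive(method, params):
    """What the user sees at the IdP SSO endpoint for a given request."""
    try:
        decode_by_binding(method, params["SAMLRequest"])
        return "login-screen"
    except Exception:  # undecodable payload: wrong binding for this method
        return "saml-processing-error"

# Hypothetical IdP SSO URL, constructed for the demonstration.
REDIRECT_URL = "http://idp.example.test/c/portal/saml/sso?" + encode_redirect(AUTHN_REQUEST)
```

A filter that must replay a request should preserve its original method, or leave the SAML endpoints alone, because the binding-specific decoder is keyed on that method.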

       


              People

              Assignee:
              della.wang Della Wang (Inactive)
              Reporter:
              stian.sigvartsen Stian Sigvartsen
              Engineering Assignee:
              Stian Sigvartsen

                  Packages

                  Version Package
                  7.0.X
                  7.1.X
                  7.2.X
                  7.3.X
                  7.3.6 CE GA7
                  Master