Code is posting form back to url specified in configuration, not to the url you are on #37
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Jul 29, 2019
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Jul 29, 2019
awslabs#37 Fixing incorrect endpoint for posting the form data.
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Jul 29, 2019
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Jul 30, 2019
awslabs#37 Fixing incorrect endpoint for posting the form data.
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Aug 2, 2019
…ion posting and landing page redirects.
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Aug 2, 2019
awslabs#37 - fixing tests and adding in two new ones to deal with action pos…
We have a SAML flow that starts with a landing URL that sets some specific session metadata and then re-routes you to the real login form. This is causing issues, specifically with the code in the method: GenericFormsBasedAuthenticator._retrieve_login_form_from_endpoint(endpoint, verify=True)
The above code assumes that the page you visited initially is the same URL you are currently on, which is not always true. Regardless, the HTML spec is pretty specific: https://www.w3.org/TR/html52/sec-forms.html#form-submission-algorithm
Naively I just replaced the endpoint with response.url and it worked as expected, but I haven't pored through the rest of the code to see if this would affect another place (like, session management?)
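The resolution rule this issue points to, as an added example that is not code from awsprocesscreds: the form's `action` is resolved against the URL the login page was actually served from (the final URL after redirects), and a missing or empty `action` submits to that URL. The helper names, sample URLs and HTML are constructed for illustration, `<base>` elements are ignored, and the HTTPS check is an added precaution for a form that carries credentials.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FirstFormAction(HTMLParser):
    """Records the action attribute of the first <form> in a page."""

    def __init__(self):
        super().__init__()
        self.found = False
        self.action = None

    def handle_starttag(self, tag, attrs):
        if tag == "form" and not self.found:
            self.found = True
            self.action = dict(attrs).get("action")


def resolve_form_target(document_url, html):
    """Return the absolute URL the first form in `html` submits to.

    document_url must be the URL the page was served from
    (the final URL after redirects), not the URL first requested.
    """
    parser = _FirstFormAction()
    parser.feed(html)
    if not parser.found:
        raise ValueError("no <form> element in page")
    # A missing or empty action means "submit to the document's own URL".
    action = (parser.action or "").strip()
    target = urljoin(document_url, action) if action else document_url
    # Added precaution (assumption): credentials only go over HTTPS.
    if urlsplit(target).scheme != "https":
        raise ValueError("refusing non-HTTPS form target: %s" % target)
    return target


# Constructed sample: the configured landing URL redirects to the login page.
CONFIGURED_ENDPOINT = "https://idp.example.com/landing?app=aws"
FINAL_URL = "https://idp.example.com/auth/login?session=abc"
LOGIN_HTML = '<form method="post" action="submit"><input name="username"></form>'

if __name__ == "__main__":
    print("resolved against configured endpoint:",
          resolve_form_target(CONFIGURED_ENDPOINT, LOGIN_HTML))
    print("resolved against final response URL: ",
          resolve_form_target(FINAL_URL, LOGIN_HTML))
```

With the sample data, resolving against the configured endpoint yields a different path from resolving against the final URL, which is the mismatch reported here.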