Hi Jason -

Thank you for tracking this down and providing a PR for it! I've commented on the PR itself and am copying Jérôme on this thread.

@Jérôme - Heads up - we are currently on 3.7 and will need to get a version with this fix, I think.

Thanks again, Jason!

--larry

On Thu, Jul 11, 2019 at 6:53 PM Jason Wang <jas...@cloudera.com.invalid> wrote:

> Hi folks,
>
> Here's a pac4j bug that affects Knox use cases:
>
> Any query parameter(s) set in an idp-metadata file, as part of the
> HTTP-Redirect Location, are dropped from the resulting URL. For example, if
> this was in your idp-metadata file, the query parameter 'qp' would not
> appear in the resulting URL:
>
> <md:SingleSignOnService
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="
> http://some-host/some-path?qp=thisWouldBeDropped"/>
>
> Here's the PR: https://github.com/pac4j/pac4j/pull/1339
>
> Thanks,
> Jason
>
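The behaviour described in the quoted report, as an added example that is not part of the thread and is not pac4j or Knox code: building a SAML HTTP-Redirect URL so that query parameters already present in the metadata `Location` survive. The function names, the sample AuthnRequest and the choice to filter protocol parameter names out of the metadata query are assumptions of this sketch.

```python
import base64
import zlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample request (hypothetical ID), not taken from a real SP.
AUTHN_REQUEST = ('<samlp:AuthnRequest '
                 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                 'ID="_constructed1" Version="2.0"/>')

# Parameter names owned by the binding. Assumption of this example: a metadata
# Location must not be able to pre-seed them, so they are filtered out.
PROTOCOL_PARAMS = {"SAMLRequest", "SAMLResponse", "RelayState", "SigAlg", "Signature"}


def encode_saml_request(xml):
    """Raw DEFLATE (no zlib header) followed by base64, as the binding requires."""
    deflater = zlib.compressobj(wbits=-15)
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    return base64.b64encode(raw).decode("ascii")


def decode_saml_request(value):
    """Inverse of encode_saml_request, used to check the round trip."""
    return zlib.decompress(base64.b64decode(value), wbits=-15).decode("utf-8")


def build_redirect_url(location, saml_request_xml, relay_state=None):
    """Append the protocol parameters to Location without losing its own query."""
    # strip() tolerates whitespace around the attribute value, as in the
    # line-wrapped metadata snippet quoted in the report.
    parts = urlsplit(location.strip())
    params = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k not in PROTOCOL_PARAMS]
    params.append(("SAMLRequest", encode_saml_request(saml_request_xml)))
    if relay_state is not None:
        params.append(("RelayState", relay_state))
    # The fragment is dropped: it is never sent to the IdP.
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(params), ""))


if __name__ == "__main__":
    print(build_redirect_url(
        " http://some-host/some-path?qp=thisWouldBeDropped", AUTHN_REQUEST))
```

An IdP that routes on a tenant or realm parameter in its SSO endpoint will reject or misroute the request if that parameter is lost, so a regression check on the final redirect URL is worth keeping next to any upgrade of the SAML client.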