pulls the relay-state from the request, while it is actually formulating a request towards the SAML IdP.
Two questions:
Would it not be more opportune to either omit it, or otherwise create it from options provided to the authenticate call? This way applications can associate some of their own state with the login request. The passport standard AuthenticateOptions construct has a default state option that might be used for this.
Would it be possible to expose the relaystate to the verify callback? I can pull it from the request, but I suppose it is cleaner if it is exposed in the API. This way the application can 'recover' the state associated with the login request after the callback.
Regards,
Joost
Would it not be more opportune to either omit it, or otherwise create it from options provided to the authenticate call?
Side note:
Based on this comment #157 (comment)
in case redirect binding (which is the default for authnrequestbinding) is used, one can already pass RelayState via the options object for the authenticate function.
Thanks for pointing that out, overriding the RelayState via the options will work for me.
However, I still wonder why the RelayState is fetched from the request in this particular case. You may consider removing it, unless it is part of some particular flow I don't understand at this moment...
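An added example, not code from this thread or from passport-saml: one way for an application to associate its own state with a login request and recover it after the callback, using an opaque, single-use RelayState handle so that no application data travels through the IdP and the value stays within the 80-byte RelayState limit of the SAML bindings specification. `RelayStateStore` and `safeReturnPath` are hypothetical helpers; the `additionalParams` option key and `req.body.RelayState` in the trailing comments are assumptions about how the handle would be wired into the routes.

```javascript
const crypto = require('crypto');

// Hypothetical helper (not part of passport-saml): keeps application state
// server-side and hands out a short opaque handle to use as RelayState.
class RelayStateStore {
  constructor({ ttlMs = 5 * 60 * 1000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.entries = new Map();
  }

  // Call before passport.authenticate(); returns the RelayState value.
  issue(state) {
    const handle = crypto.randomBytes(24).toString('base64url'); // 32 chars
    this.entries.set(handle, { state, expires: this.now() + this.ttlMs });
    return handle;
  }

  // Call in the callback route with the RelayState taken from the request.
  // Returns the stored state once, or null if unknown, expired or replayed.
  redeem(handle) {
    if (typeof handle !== 'string' || handle.length > 80) return null;
    const entry = this.entries.get(handle);
    if (!entry) return null;
    this.entries.delete(handle); // single use
    return entry.expires >= this.now() ? entry.state : null;
  }
}

// Only same-site paths are accepted as a post-login destination.
function safeReturnPath(path) {
  if (typeof path !== 'string') return '/';
  if (!path.startsWith('/') || path.startsWith('//') || path.includes('\\')) return '/';
  return path;
}

// Constructed usage (the return path is sample data).
const store = new RelayStateStore();
const relayState = store.issue({ returnTo: safeReturnPath('/reports/42') });
// Login route (assumed wiring):
//   passport.authenticate('saml', { additionalParams: { RelayState: relayState } })
// Callback route (assumed wiring):
//   const state = store.redeem(req.body.RelayState);
```

A RelayState that `redeem` rejects should be treated as a login without application state, not as an error that exposes which handles exist.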
passport-saml/src/strategy.ts
Lines 193 to 194 in 72effd8