
Customize request tracker cookie path

Open watercraft opened this issue 1 year ago • 0 comments

For my SAML integration I need to be able to track the initial request across different source URLs. For this purpose I forked the project and added the following diff. Would you be open to taking this change or some version of it?

diff --git a/samlsp/new.go b/samlsp/new.go
index 3339743..11fe1f0 100644
--- a/samlsp/new.go
+++ b/samlsp/new.go
@@ -24,6 +24,7 @@ type Options struct {
        SignRequest       bool
        ForceAuthn        bool // TODO(ross): this should be *bool
        CookieSameSite    http.SameSite
+       CookiePath        string
        RelayStateFunc    func(w http.ResponseWriter, r *http.Request) string
 }
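Review bot: The new `CookiePath` field on Options has no doc comment, although it is the public knob that changes the scope of every cookie this package issues. Suggested: `// CookiePath, when non-empty, overrides the Path attribute of the cookies set by DefaultSessionProvider and DefaultRequestTracker; empty keeps the request-tracker cookie scoped to the ACS URL path.` Callers should also be told that a broad value such as "/" makes the signed tracked-request cookie travel with every request to the host, so the narrowest path covering the URLs that must share a tracked request is the right choice. The value reaches net/http unchanged; http.SetCookie sanitizes the path by dropping invalid bytes rather than returning an error, so a misconfigured value fails quietly.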
 
@@ -49,6 +50,7 @@ func DefaultSessionProvider(opts Options) CookieSessionProvider {
                HTTPOnly: true,
                Secure:   opts.URL.Scheme == "https",
                SameSite: opts.CookieSameSite,
+               Path:     opts.CookiePath,
                Codec:    DefaultSessionCodec(opts),
        }
 }
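Review bot: `Path: opts.CookiePath` is wired into the session provider here, but no hunk on this page shows CookieSessionProvider.CreateSession or DeleteSession reading the new `Path` field — the session_cookie.go hunk further down only declares it. Unless that use exists outside this diff, the session cookie keeps whatever path it has today and the option silently does nothing for it. When it is wired, it needs the same empty-value fallback that TrackRequest applies: an empty `Path` handed straight to http.Cookie omits the attribute, and the browser then scopes the cookie to the request's directory, which would break session lookup on sibling paths. The cookie written by DeleteSession must also carry the identical Path, or the browser will not replace the live one.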
@@ -75,6 +77,7 @@ func DefaultRequestTracker(opts Options, serviceProvider *saml.ServiceProvider)
                MaxAge:          saml.MaxIssueDelay,
                RelayStateFunc:  opts.RelayStateFunc,
                SameSite:        opts.CookieSameSite,
+               Path:            opts.CookiePath,
        }
 }
 
diff --git a/samlsp/request_tracker_cookie.go b/samlsp/request_tracker_cookie.go
index d9189f6..a77d530 100644
--- a/samlsp/request_tracker_cookie.go
+++ b/samlsp/request_tracker_cookie.go
@@ -21,6 +21,7 @@ type CookieRequestTracker struct {
        MaxAge          time.Duration
        RelayStateFunc  func(w http.ResponseWriter, r *http.Request) string
        SameSite        http.SameSite
+       Path            string
 }
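Review bot: The added `Path` field on CookieRequestTracker is undocumented, and its empty-means-default behavior is only discoverable by reading the body of TrackRequest. Suggested: `// Path, when non-empty, overrides the Path attribute of the tracking cookie; empty falls back to ServiceProvider.AcsURL.Path.`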
 
 // TrackRequest starts tracking the SAML request with the given ID. It returns an
@@ -44,6 +45,10 @@ func (t CookieRequestTracker) TrackRequest(w http.ResponseWriter, r *http.Reques
                return "", err
        }
 
+       path := t.ServiceProvider.AcsURL.Path
+       if t.Path != "" {
+               path = t.Path
+       }
        http.SetCookie(w, &http.Cookie{
                Name:     t.NamePrefix + trackedRequest.Index,
                Value:    signedTrackedRequest,
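Review bot: The fallback computed in the added `path` lines only feeds the cookie set in TrackRequest (the `Path: path` line in the next hunk); StopTrackingRequest, which lies outside this diff, presumably still expires the cookie with `Path: t.ServiceProvider.AcsURL.Path`. Browsers only overwrite a cookie whose name, domain and path all match, so with a custom CookiePath the expiring cookie would not match the tracked one and the signed tracked-request cookie would linger until MaxAge instead of being cleared after the ACS round trip. The default resolution belongs in one place used by both SetCookie calls, e.g. `func (t CookieRequestTracker) cookiePath() string { if t.Path != "" { return t.Path }; return t.ServiceProvider.AcsURL.Path }`. TrackRequest begins before this hunk and ends after the next one.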
@@ -51,7 +56,7 @@ func (t CookieRequestTracker) TrackRequest(w http.ResponseWriter, r *http.Reques
                HttpOnly: true,
                SameSite: t.SameSite,
                Secure:   t.ServiceProvider.AcsURL.Scheme == "https",
-               Path:     t.ServiceProvider.AcsURL.Path,
+               Path:     path,
        })
 
        return trackedRequest.Index, nil
diff --git a/samlsp/session_cookie.go b/samlsp/session_cookie.go
index 4d557ee..e9644c0 100644
--- a/samlsp/session_cookie.go
+++ b/samlsp/session_cookie.go
@@ -22,6 +22,7 @@ type CookieSessionProvider struct {
        SameSite http.SameSite
        MaxAge   time.Duration
        Codec    SessionCodec
+       Path     string
 }
 
 // CreateSession is called when we have received a valid SAML assertion and

watercraft avatar Apr 27 '23 21:04 watercraft