summary refs log tree commit diff
path: root/synapse/rest/client
diff options
context:
space:
mode:
authorPatrick Cloke <clokep@users.noreply.github.com>2020-05-22 07:17:30 -0400
committerGitHub <noreply@github.com>2020-05-22 07:17:30 -0400
commit66f2ebc22fec01b4673fabae22f2c94dfeac58e3 (patch)
tree777b442d9502e2942b372c8eb8507bc1ae37ab84 /synapse/rest/client
parentOn upgrade room only send canonical alias once. (#7547) (diff)
downloadsynapse-66f2ebc22fec01b4673fabae22f2c94dfeac58e3.tar.xz
Use a non-empty RelayState for user interactive auth with SAML. (#7552)
Diffstat (limited to 'synapse/rest/client')
-rw-r--r--synapse/rest/client/v2_alpha/auth.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/synapse/rest/client/v2_alpha/auth.py b/synapse/rest/client/v2_alpha/auth.py
index 7bca1326d5..75590ebaeb 100644
--- a/synapse/rest/client/v2_alpha/auth.py
+++ b/synapse/rest/client/v2_alpha/auth.py
@@ -177,7 +177,10 @@ class AuthRestServlet(RestServlet):
                 )
 
             elif self._saml_enabled:
-                client_redirect_url = b""
+                # Some SAML identity providers (e.g. Google) require a
+                # RelayState parameter on requests. It is not necessary here, so
+                # pass in a dummy redirect URL (which will never get used).
+                client_redirect_url = b"unused"
                 sso_redirect_url = self._saml_handler.handle_redirect_request(
                     client_redirect_url, session
                 )