Use a non-empty RelayState for user interactive auth with SAML. (#7552)

author: Patrick Cloke <clokep@users.noreply.github.com> 2020-05-22 07:17:30 -0400
committer: GitHub <noreply@github.com> 2020-05-22 07:17:30 -0400
commit: 66f2ebc22fec01b4673fabae22f2c94dfeac58e3 (patch)
tree: 777b442d9502e2942b372c8eb8507bc1ae37ab84 /synapse
parent: On upgrade room only send canonical alias once. (#7547) (diff)
download: synapse-66f2ebc22fec01b4673fabae22f2c94dfeac58e3.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/synapse/rest/client/v2_alpha/auth.py b/synapse/rest/client/v2_alpha/auth.py
index 7bca1326d5..75590ebaeb 100644
--- a/synapse/rest/client/v2_alpha/auth.py
+++ b/synapse/rest/client/v2_alpha/auth.py
@@ -177,7 +177,10 @@ class AuthRestServlet(RestServlet):
                 )
 
             elif self._saml_enabled:
-                client_redirect_url = b""
+                # Some SAML identity providers (e.g. Google) require a
+                # RelayState parameter on requests. It is not necessary here, so
+                # pass in a dummy redirect URL (which will never get used).
+                client_redirect_url = b"unused"
                 sso_redirect_url = self._saml_handler.handle_redirect_request(
                     client_redirect_url, session
                 )
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-05-22 07:17:30 -0400
committer	GitHub <noreply@github.com>	2020-05-22 07:17:30 -0400
commit	66f2ebc22fec01b4673fabae22f2c94dfeac58e3 (patch)
tree	777b442d9502e2942b372c8eb8507bc1ae37ab84 /synapse
parent	On upgrade room only send canonical alias once. (#7547) (diff)
download	synapse-66f2ebc22fec01b4673fabae22f2c94dfeac58e3.tar.xz