By: ved singh user 06 Jan 2018 at 9:56 p.m. CST

5 Responses
ved singh gravatar

Hi,

Is it possible to redirect to Gluu login page from service provider website and pass in a query parameter.Currently the parameter is lost.

So after redirect when user lands on gluu idp login page it looks something like this:

https://<idp-gluu-host>/oxauth/login?hash=vhFp2H3EcRDIjWkQ==

Thanks.

By Thomas Gasmyr Mougang staff 07 Jan 2018 at 2:02 a.m. CST

Thomas Gasmyr Mougang gravatar

Hi,

Can you provide more information. What are you attempting to do with that parameter?

Why to you want to redirect to Gluu login page with a parameter?

Please be more specific so that we can help.

By ved singh user 07 Jan 2018 at 6:22 p.m. CST

ved singh gravatar

Thanks Thomas for replying and apologies for been vague.

This token will be generated by SP which will used to identify some condition and context.For things like:

  • Putting contextual message on login screen

  • To post/get data from/to the SP. For example to implement remember-me use case, we plan to store this token in cookie and on page load this token will be used to fetch user data from SP and then do auto-submit.

Thanks

By Michael Schwartz staff 08 Jan 2018 at 1:53 p.m. CST

Michael Schwartz gravatar

Depends what version you are using. In version 3.1.1 I think it's supported. I know it will be supported in version 3.1.2

As a workaround, you can send a JSON object as the state param. For example:

state={"salt":"abc123", "param1":"spam", "param2":"eggs"}

It's important to have a random salt value, so the state param is not static or guessable.

You can pick up the state param in a custom authentication script, like the Passport authn script

identity = CdiUtil.bean(Identity)
sessionId =  identity.getSessionId()
sessionAttribute = sessionId.getSessionAttributes()
print "session %s" % sessionAttribute
oldState = sessionAttribute.get("state")

By ved singh user 08 Jan 2018 at 11:29 p.m. CST

ved singh gravatar

Thanks Michael.

Quick question - how do I set the state param? The state is passed to Gluu as a query parameter. Is it that any query parameter added to Gluu login url gets added to sessionAttribute?

Is yes, then I should be able to get the value like this:

<h:outputLabel styleClass="control-label" value="#{identity.sessionId.sessionAttributes['state']}" />

By Thomas Gasmyr Mougang staff 09 Jan 2018 at 2:25 p.m. CST

Thomas Gasmyr Mougang gravatar

Hi Ved,

Here is a simple request:

https://gluu.gasmyr.com/oxauth/restv1/authorize?response_type=code&scope=openid%20profile%20email&client_id=%40!29D2.E032.E092.C475!0001!D895.0D17!0008!2123.2050.07CF.A7E4&state=8UwGdSPw1fpIPnAdpP38Vq61Z08&redirect_uri=https%3A%2F%2Foic.gasmyr.com%2Fcallback&nonce=EItbfI0bCJls96OWSdk0m28bOSTQAWtMP93tJCRQLls

As you can see there is a parameter named state in that request.

As Michael states you can send that state parameter as a JSON object.

Changing state parameter to JSON object allow to you to add one or more custom parameters as json field and use custom authentication script to retrieve theses values on Gluu server side.

This mean that custom authentication knows about the state parameter and all you have to do is get that parameter and retrieve the fields you have added.

Thanks!