Customize request tracker cookie path #513

Open
watercraft opened this issue Apr 27, 2023 · 0 comments

For my SAML integration I need to be able to track the initial request across different source URLs. For this purpose I forked the project and added the following diff. Would you be open to taking this change or some version of it?

diff --git a/samlsp/new.go b/samlsp/new.go
index 3339743..11fe1f0 100644
--- a/samlsp/new.go
+++ b/samlsp/new.go
@@ -24,6 +24,7 @@ type Options struct {
        SignRequest       bool
        ForceAuthn        bool // TODO(ross): this should be *bool
        CookieSameSite    http.SameSite
+       CookiePath        string
        RelayStateFunc    func(w http.ResponseWriter, r *http.Request) string
 }
 
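Review bot: The new CookiePath field in Options has no comment, and its behaviour is not obvious from the name. It is passed to both DefaultSessionProvider and DefaultRequestTracker, and the empty value means different things for each: the tracker falls back to AcsURL.Path, while the session provider receives an empty Path. Add a field comment stating which cookies it applies to and what the empty value does.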
@@ -49,6 +50,7 @@ func DefaultSessionProvider(opts Options) CookieSessionProvider {
                HTTPOnly: true,
                Secure:   opts.URL.Scheme == "https",
                SameSite: opts.CookieSameSite,
+               Path:     opts.CookiePath,
                Codec:    DefaultSessionCodec(opts),
        }
 }
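Review bot: `Path: opts.CookiePath` in DefaultSessionProvider extends the change beyond what the issue asks for, which is the request tracker cookie. Reusing one option for both means a path chosen so the tracking cookie is visible on more URLs is also handed to the session provider. Consider a separate option for the session cookie, or leave the session provider out of this change.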
@@ -75,6 +77,7 @@ func DefaultRequestTracker(opts Options, serviceProvider *saml.ServiceProvider)
                MaxAge:          saml.MaxIssueDelay,
                RelayStateFunc:  opts.RelayStateFunc,
                SameSite:        opts.CookieSameSite,
+               Path:            opts.CookiePath,
        }
 }
 
diff --git a/samlsp/request_tracker_cookie.go b/samlsp/request_tracker_cookie.go
index d9189f6..a77d530 100644
--- a/samlsp/request_tracker_cookie.go
+++ b/samlsp/request_tracker_cookie.go
@@ -21,6 +21,7 @@ type CookieRequestTracker struct {
        MaxAge          time.Duration
        RelayStateFunc  func(w http.ResponseWriter, r *http.Request) string
        SameSite        http.SameSite
+       Path            string
 }
 
 // TrackRequest starts tracking the SAML request with the given ID. It returns an
@@ -44,6 +45,10 @@ func (t CookieRequestTracker) TrackRequest(w http.ResponseWriter, r *http.Reques
                return "", err
        }
 
+       path := t.ServiceProvider.AcsURL.Path
+       if t.Path != "" {
+               path = t.Path
+       }
        http.SetCookie(w, &http.Cookie{
                Name:     t.NamePrefix + trackedRequest.Index,
                Value:    signedTrackedRequest,
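Review bot: The override `path = t.Path` accepts any non-empty string with no validation. The tracking cookie was previously scoped to the ACS path only; a value such as "/" makes the browser attach the signed tracked-request cookie to every request for the host, and a value that does not begin with "/" is ignored by browsers in favour of the default path. Suggest rejecting values that do not start with "/" and documenting that a wider path increases where the cookie is sent.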
@@ -51,7 +56,7 @@ func (t CookieRequestTracker) TrackRequest(w http.ResponseWriter, r *http.Reques
                HttpOnly: true,
                SameSite: t.SameSite,
                Secure:   t.ServiceProvider.AcsURL.Scheme == "https",
-               Path:     t.ServiceProvider.AcsURL.Path,
+               Path:     path,
        })
 
        return trackedRequest.Index, nil
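Review bot: With `Path: path` the cookie can now be set under a path other than AcsURL.Path, but no hunk in request_tracker_cookie.go changes the code that expires the tracking cookie. A browser only replaces or removes a cookie when name, domain and path all match, so the expiring Set-Cookie needs the same path value. Suggest moving the fallback logic into a small method on CookieRequestTracker and using it in both places.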
diff --git a/samlsp/session_cookie.go b/samlsp/session_cookie.go
index 4d557ee..e9644c0 100644
--- a/samlsp/session_cookie.go
+++ b/samlsp/session_cookie.go
@@ -22,6 +22,7 @@ type CookieSessionProvider struct {
        SameSite http.SameSite
        MaxAge   time.Duration
        Codec    SessionCodec
+       Path     string
 }
 
 // CreateSession is called when we have received a valid SAML assertion and
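Review bot: The new Path field on CookieSessionProvider is never read in this patch: the session_cookie.go diff consists of this one struct field, with no change where the session cookie is written or deleted. As shown, setting CookiePath has no effect on the session cookie. Either use the field in both the create and delete code (with the same value in each) or drop it.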