Reputation: 138
TLDR: I have a site protected with Okta SAML authentication, but somehow during my redirect and authentication phase, the redirect, which is a parameter in the URL, gets lost. Looking for advice.
Background: I have a Linux server with Apache using Mellon to connect to Okta for SAML authentication.
I have a URL like this:
https://docs.example.com/current/readme
I have a redirect.php file at the root of example.com that redirects the user to something like
https://docs.example.com/docs/version/Default.php#cshid=readme
That is the generated output URL for context-sensitive help, which in turn redirects the user to something like:
https://docs.example.com/docs/version/content/readme.php
That all works if you are already authenticated with SAML. However, if you aren't already authenticated, you get sent to Okta.
https://success.example.com/login/login.htm?fromURI=%2Fapp%2Fssoexample_docsexamplecom_2%2Fexk4g2c3ofeuJWRSu4x6%2Fsso%2Fsaml%3FSAMLRequest%3DhZJfT8IwFMW%252FytJ3aBljaAMkAyTBqDHgn8QX0pSLNG7t7G0Rv73tFhVf8KnN7Tm553fSEYqqrHnh3V6v4N0DuulSA3Em%252BLmymiTL%252BZhsslk6HE6nxbTH8sHVIOvnLGWzxXSYXxbZBVuQ5pYanRCuzBiaa%252FD8k46eOgNOevxjL2QZB4YlBauce2dq5FTil5KQOweQIud6kpTUW2TUji%252BZa%252Bp7Jsd%252BOvkycxohJjhHK1sRVx6a8PZUVVdKqkcSRbGSmhKH5OdKBEi2n1oRx3gZ1J8lxWX%252BQrsGuxBSXhc3fyCxdynVBWUpdG0NuhWgHVMQCajGJo35dnJeeeInmpH7fe4C2jL%252Bb0J6T9j9kr8Qx4natvZNVLurNCoQgOBKez4mFkQLnA664HQSbvy7yecfAE%253D%26RelayState%3Dhttps%253A%252F%252Fdocs.example.com%252FDocs%252Fcurrent%252FTopNav%252FDefault.php#cshid=readme
So, at the end of that URL, the hash and parameter are retained: #cshid=readme
However, after I successfully log in, somehow the URL loses the #cshid=readme
and just redirects me to:
https://docs.example.com/docs/version/Default.php
Any ideas how I can make it retain the hash and the content after the hash? I'm not the person who configured Mellon or Okta, but I'd like to have a solution in mind before I contact them with my issue.
Upvotes: 0
Views: 1142
Reputation: 1
In case someone else comes across a similar issue, there are a couple of possible solutions to these scenarios.
Replacing the # with ?. In this context, https://docs.example.com/docs/version/Default.php?cshid=readme
Encoding the # as %23 (still not likely to work in most cases). https://docs.example.com/docs/version/Default.php%23cshid=readme
It is expected that everything after the # is dropped. Fragment parameters are used only on the client side, but the server will ignore them, which is why Okta is ignoring that portion of the URL.
Using ? instead of # will usually solve most issues.
Upvotes: 0
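The fragment handling discussed in this thread, as an added JavaScript example that is not part of either post: it shows what the server receives for each URL form and one way to carry the cshid value in the query string and rebuild the fragment client-side after login. The function names are hypothetical and the URLs are constructed from the ones in the question.

```javascript
// Added example; helper names are assumptions, URLs are constructed samples.

// The request target a browser sends: path + query only.
// The fragment stays in the browser and never reaches Apache/Mellon or Okta.
function requestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// "# -> ?" option: copy the fragment's key=value pairs into the query string
// so they are part of the URL that gets stored as RelayState.
function fragmentToQuery(href) {
  const u = new URL(href);
  if (!u.hash) return u.href;
  const frag = new URLSearchParams(u.hash.slice(1));
  for (const [k, v] of frag) u.searchParams.set(k, v);
  u.hash = "";
  return u.href;
}

// After login, script on the landing page can move one named key back
// into the fragment that the help system expects.
function queryToFragment(href, key) {
  const u = new URL(href);
  const v = u.searchParams.get(key);
  if (v === null) return u.href;
  u.searchParams.delete(key);
  u.hash = key + "=" + encodeURIComponent(v);
  return u.href;
}

const base = "https://docs.example.com/docs/version/Default.php";
console.log(requestTarget(base + "#cshid=readme"));   // fragment not sent
console.log(requestTarget(base + "%23cshid=readme")); // %23 becomes part of the file path
console.log(fragmentToQuery(base + "#cshid=readme"));
console.log(queryToFragment(base + "?cshid=readme", "cshid"));
```

With the %23 form the server is asked for a path literally ending in `Default.php%23cshid=readme`, which is why that option rarely helps.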