Univention Bugzilla – Bug 52338
UMC-Web-Server: don't store relay state dictionary
Last modified: 2020-11-25 12:08:05 CET
We are currently storing a dictionary relay_state between the SAML AuthNRequest and the response to it to redirect the user back to the location where he came from. Instead, this is regular SAML behavior, we should just set the URL/path as relay state. Then we don't leak a never removed dictionary entry in case the user never comes back. (And we currently don't seem to remove it at all ever).
Fixed in: univention-management-console.yaml 34b46e2fc39d | YAML Bug #52338 univention-management-console (11.0.5-11) ad51dd79f9b7 | Bug #52338: do not store relay state between requests
OK: Login flow still works OK: Code OK: YAML
<https://errata.software-univention.de/#/?erratum=4.4x822>