Merge pull request #479 from zitadel/saml-post

fix(SAML): use route handler to saml post
2025-08-11 20:17:32 +00:00 · 2025-06-24 10:01:36 +02:00
parent 306fe21d40 2bb251b82b
commit 9c7ea795a2
2 changed files with 30 additions and 43 deletions
--- a/apps/login/src/app/(login)/saml-post/page.tsx
+++ b/apps/login/src/app/(login)/saml-post/page.tsx
@@ -1,43 +0,0 @@
 "use client";
 import { useSearchParams } from "next/navigation";
 import { useEffect } from "react";
 export default function SamlPost() {
  const searchParams = useSearchParams();
  const url = searchParams.get("url");
  const relayState = searchParams.get("RelayState");
  const samlResponse = searchParams.get("SAMLResponse");
  useEffect(() => {
    // Automatically submit the form after rendering
    const form = document.getElementById("samlForm") as HTMLFormElement;
    if (form) {
      form.submit();
    }
  }, []);
  if (!url || !relayState || !samlResponse) {
    return (
      <p className="text-center">Missing required parameters for SAML POST.</p>
    );
  }
  return (
    <html lang="en">
      <head>
        <meta charSet="UTF-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
        <title>Redirecting...</title>
      </head>
      <body>
        <form id="samlForm" action={url} method="POST">
          <input type="hidden" name="RelayState" value={relayState} />
          <input type="hidden" name="SAMLResponse" value={samlResponse} />
        </form>
        <p>Redirecting...</p>
      </body>
    </html>
  );
 }
--- a/apps/login/src/app/(login)/saml-post/route.ts
+++ b/apps/login/src/app/(login)/saml-post/route.ts
@@ -0,0 +1,30 @@
 import { NextRequest, NextResponse } from "next/server";
 export async function GET(request: NextRequest) {
  const searchParams = request.nextUrl.searchParams;
  const url = searchParams.get("url");
  const relayState = searchParams.get("RelayState");
  const samlResponse = searchParams.get("SAMLResponse");
  if (!url || !relayState || !samlResponse) {
    return new NextResponse("Missing required parameters", { status: 400 });
  }
  // Respond with an HTML form that auto-submits via POST
  const html = `
    <html>
      <body onload="document.forms[0].submit()">
        <form action="${url}" method="post">
          <input type="hidden" name="RelayState" value="${relayState}" />
          <input type="hidden" name="SAMLResponse" value="${samlResponse}" />
          <noscript>
            <button type="submit">Continue</button>
          </noscript>
        </form>
      </body>
    </html>
  `;
  return new NextResponse(html, {
    headers: { "Content-Type": "text/html" },
  });
 }