Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-11072

Allow customization of request parameter used to check CSRF state

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.3
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      In OAuth standard, the request parameter to check the CSRF state in the callback is "state".
      But in other authentication system, for instance SAML, this parameter is different ("RelayState" in the case of SAML).

      The IdentityProvider API should then allow to customize this parameter.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                julien.lancelot Julien Lancelot
                Reporter:
                julien.lancelot Julien Lancelot
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: