Fix issue in setting root path for cookies.

wso2-extensions · Oct 16, 2023 · 7155b2c · 7155b2c
1 parent 36b8d06
commit 7155b2c
Showing 1 changed file with 22 additions and 6 deletions.
diff --git a/....saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java b/....saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java
@@ -1503,11 +1503,21 @@ private void storeTokenIdCookie(String sessionId, HttpServletRequest req, HttpSe
         if (IdentityTenantUtil.isTenantedSessionsEnabled() &&
                 sessionId.endsWith(SAMLSSOConstants.TENANT_QUALIFIED_TOKEN_ID_COOKIE_SUFFIX)) {
             if (loggedInTenantDomain != null) {
-                samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain +
-                        SAMLSSOConstants.COOKIE_ROOT_PATH);
+                if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() &&
+                        MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(loggedInTenantDomain)) {
+                    samlssoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH);
+                } else {
+                    samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain +
+                            SAMLSSOConstants.COOKIE_ROOT_PATH);
+                }
             } else {
-                samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain +
-                        SAMLSSOConstants.COOKIE_ROOT_PATH);
+                if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() &&
+                        MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
+                    samlssoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH);
+                } else {
+                    samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain +
+                            SAMLSSOConstants.COOKIE_ROOT_PATH);
+                }
             }
             isTenantQualifiedCookie = true;
         } else {
@@ -1560,8 +1570,14 @@ public void removeTokenIdCookie(HttpServletRequest req, HttpServletResponse resp
                     boolean isTenantQualifiedCookie = false;
                     if (IdentityTenantUtil.isTenantedSessionsEnabled() && cookie.getValue() != null &&
                             cookie.getValue().endsWith(SAMLSSOConstants.TENANT_QUALIFIED_TOKEN_ID_COOKIE_SUFFIX)) {
-                        samlSsoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain +
-                                SAMLSSOConstants.COOKIE_ROOT_PATH);
+
+                        if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() &&
+                                MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(loggedInTenantDomain)) {
+                            samlSsoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH);
+                        } else {
+                            samlSsoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain
+                                    + SAMLSSOConstants.COOKIE_ROOT_PATH);
+                        }
                         isTenantQualifiedCookie = true;
                     } else {
                         samlSsoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH);