From 544b1c73f69f1aaca0d61905cb0ca61b27a13181 Mon Sep 17 00:00:00 2001
From: Thisara-Welmilla
Date: Mon, 16 Oct 2023 18:09:05 +0530
Subject: [PATCH] Fix issue in setting root path for cookies.

---
 .../saml/servlet/SAMLSSOProviderServlet.java | 28 +++++++++++++++----
 pom.xml | 2 +-
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java
index 2cbf19459..1d2a8ae08 100644
--- a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java
+++ b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java
@@ -1503,11 +1503,21 @@ private void storeTokenIdCookie(String sessionId, HttpServletRequest req, HttpSe if (IdentityTenantUtil.isTenantedSessionsEnabled() && sessionId.endsWith(SAMLSSOConstants.TENANT_QUALIFIED_TOKEN_ID_COOKIE_SUFFIX)) { if (loggedInTenantDomain != null) { - samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain + - SAMLSSOConstants.COOKIE_ROOT_PATH); + if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() && + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(loggedInTenantDomain)) { + samlssoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH); + } else { + samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain + + SAMLSSOConstants.COOKIE_ROOT_PATH); + } } else { - samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain + - SAMLSSOConstants.COOKIE_ROOT_PATH); + if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() && + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) { + samlssoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH); + } else { + samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain + + SAMLSSOConstants.COOKIE_ROOT_PATH); + } } isTenantQualifiedCookie = true; } else { 
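Review bot: The super-tenant path decision is written out twice in this hunk (once for `loggedInTenantDomain`, once for `tenantDomain`) and a third time in the removeTokenIdCookie hunk. A browser only replaces or expires a cookie when the path matches the one it was stored with. If these copies ever drift apart, the token-id cookie would survive logout. Moving the decision into one private helper that both methods call keeps the store and remove paths identical by construction. storeTokenIdCookie starts and ends outside this hunk, so the sketch below shows only the changed lines.

```java
// … unchanged: tenanted-session and cookie-suffix check in storeTokenIdCookie …
    samlssoTokenIdCookie.setPath(resolveTokenIdCookiePath(
            loggedInTenantDomain != null ? loggedInTenantDomain : tenantDomain));
    isTenantQualifiedCookie = true;
// … unchanged: else branch that sets COOKIE_ROOT_PATH …

/**
 * Returns the cookie path for a tenant-qualified token-id cookie: the root path when the
 * super tenant is not carried in the URL, otherwise the tenant-prefixed path.
 */
private String resolveTokenIdCookiePath(String cookieTenantDomain) {
    if (!IdentityTenantUtil.isSuperTenantRequiredInUrl()
            && MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(cookieTenantDomain)) {
        return SAMLSSOConstants.COOKIE_ROOT_PATH;
    }
    return FrameworkConstants.TENANT_CONTEXT_PREFIX + cookieTenantDomain
            + SAMLSSOConstants.COOKIE_ROOT_PATH;
}
```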
@@ -1560,8 +1570,14 @@ public void removeTokenIdCookie(HttpServletRequest req, HttpServletResponse resp boolean isTenantQualifiedCookie = false; if (IdentityTenantUtil.isTenantedSessionsEnabled() && cookie.getValue() != null && cookie.getValue().endsWith(SAMLSSOConstants.TENANT_QUALIFIED_TOKEN_ID_COOKIE_SUFFIX)) { - samlSsoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain + - SAMLSSOConstants.COOKIE_ROOT_PATH); + + if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() && + MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(loggedInTenantDomain)) { + samlSsoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH); + } else { + samlSsoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain + + SAMLSSOConstants.COOKIE_ROOT_PATH); + } isTenantQualifiedCookie = true; } else { samlSsoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH); diff --git a/pom.xml b/pom.xml index d15a59ed7..4c97e45a6 100644 --- a/pom.xml +++ b/pom.xml @@ -457,7 +457,7 @@ 4.9.10 4.9.0 - 5.25.305 + 5.25.406 [5.25.260, 7.0.0) 1.0.0
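Review bot: In removeTokenIdCookie the path is chosen from `loggedInTenantDomain` alone, while storeTokenIdCookie falls back to `tenantDomain` when that value is null. If it is null here, `MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(loggedInTenantDomain)` is false and the else branch concatenates the literal text "null" into the path. The expiring cookie then would not match the stored one, and the SAML SSO token-id cookie would remain in the browser after logout. How `loggedInTenantDomain` is resolved lies outside the hunk, so it may already be guaranteed non-null. If it is not, resolve the domain the same way as the store side before choosing the path, e.g. `String cookieTenantDomain = loggedInTenantDomain != null ? loggedInTenantDomain : <fallback domain used by storeTokenIdCookie>;`, and add a comment stating that both methods must produce the same path.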