Spring SAML Extension seems to disregard the query string params configured in the IDP XML. Here is the configuration:
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://<provider host>/saml/?query1=xxx&amp;query2=yyy"/>
1) When the SSO request gets redirected, the SAML extension seems to strip anything after ? and send only the SAMLRequest query string param.
2) Also, I wanted to modify the query string param value based on some configuration so that I can hit environment-specific endpoints for testing and development.
Is there a way to intercept the redirection request before the redirection to satisfy the above needs?
The query parameters are removed by the underlying OpenSAML library in class org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder. You can extend this class, override method buildRedirectURL and add parameters as you need to the constructed URL. Your implementation would then need to be added to bean org.springframework.security.saml.processor.HTTPRedirectDeflateBinding using its constructor which accepts instances of MessageDecoder and MessageEncoder.
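One way to implement the approach described in the answer, as an added example that is not part of the original answer or of the Spring SAML project. The class names RedirectBindingConfig and QueryPreservingRedirectEncoder, the bean name redirectBinding and the reserved-parameter list are assumptions. The extra parameters are appended after the URL that OpenSAML has already built and signed, so the signed portion stays byte-identical, and the appended parameters themselves are not covered by the redirect signature.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.List;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.util.URLBuilder;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.util.Pair;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml.processor.HTTPRedirectDeflateBinding;

@Configuration
public class RedirectBindingConfig { // hypothetical name

    /** Hypothetical subclass: re-appends the query parameters of the metadata Location. */
    static class QueryPreservingRedirectEncoder extends HTTPRedirectDeflateEncoder {
        // Protocol parameters of the HTTP-Redirect binding; a Location parameter must never shadow them.
        private static final List<String> RESERVED =
                Arrays.asList("SAMLRequest", "SAMLResponse", "RelayState", "SigAlg", "Signature");

        @Override
        protected String buildRedirectURL(SAMLMessageContext ctx, String endpointURL, String message)
                throws MessageEncodingException {
            // The stock encoder builds (and signs, if configured) the URL without the Location's parameters.
            StringBuilder url = new StringBuilder(super.buildRedirectURL(ctx, endpointURL, message));
            try {
                for (Pair<String, String> p : new URLBuilder(endpointURL).getQueryParams()) {
                    if (RESERVED.contains(p.getFirst())) {
                        continue;
                    }
                    String value = p.getSecond() == null ? "" : p.getSecond();
                    url.append('&').append(URLEncoder.encode(p.getFirst(), "UTF-8"))
                       .append('=').append(URLEncoder.encode(value, "UTF-8"));
                }
            } catch (UnsupportedEncodingException e) {
                throw new MessageEncodingException("Unable to encode endpoint query parameter", e);
            }
            return url.toString();
        }
    }

    @Bean // replaces the default redirect binding; the bean name is an assumption
    public HTTPRedirectDeflateBinding redirectBinding(ParserPool parserPool) {
        return new HTTPRedirectDeflateBinding(
                new HTTPRedirectDeflateDecoder(parserPool), new QueryPreservingRedirectEncoder());
    }
}
```

For the environment-specific values in point 2, source them from deployment configuration inside the loop rather than from anything in the incoming request, since these parameters decide which IdP endpoint the browser is sent to.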