EDS fatal error "No URL return parameter provided"

Peter Schober peter.schober at univie.ac.at
Mon Dec 7 15:32:06 UTC 2020


For an application with lazy SP sessions I noticed that REQUEST_URI
paths were missing when returning to the application. When looking
into this I saw that I had hard-coded the EDS "defaultReturn"
parameter and everyone simply ended up at this URL (the site's home
page):

  //this.defaultReturn = null;       // If non null, then the default place to send users who are not approaching via the Discovery Protocol
  this.defaultReturn = "https://sp.example.org/Shibboleth.sso/Login?SAMLDS=1&target=https%3A%2F%2Fsp.example.org%2F";
  this.defaultReturn = "https://filesender.aco.net/Shibboleth.sso/Login?target=https%3A%2F%2Ffilesender.aco.net%2F";

(I might have done that because that application renders the EDS on its
front page, i.e. outside of a DS protocol flow.)

But even if I change this and invoke a copy of the EDS only via the DS
protocol I'm still getting the following JS error to pop up when I leave
this.defaultReturn=null (and don't set this.defaultReturn to a URL
as per above):

  FATAL - DISCO UI:No URL return parameter provided

What the application does during SSO is pass the URL the subject
should end up after logging in as value of the 'target' parameter to
the SP's session initiator. Exactly like the (static) value of the EDS
setting 'this.defaultReturn' above, only with a (varying) REQUEST_URI
added, e.g.:
https://filesender.aco.net/Shibboleth.sso/Login?target=https%3A%2F%2Ffilesender.aco.net%2F%3Fs%3Dtransfers%23transfer_123456
(never mind this not being ideal because it forces a new SP session
even if I already had a valid one. Let's ignore that.)
which redirects me to the EDS with the following request parameters:
https://filesender.aco.net/login/?entityID=https%3A%2F%2Ffilesender.aco.net%2Fsaml&return=https%3A%2F%2Ffilesender.aco.net%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1%26target%3Dss%253Amem%253Aa3d5405cc4ec09b9b9b97e9ece9d899f438a9a69a6a8a3bd7ca91e5385c51150
And with this.defaultReturn=null set the journey ends there, with the
"No URL return parameter provided" error from the EDS.

If I do set this.defaultReturn to a static URL the EDS renders fine
but upon selecting my IDP the EDS has turned this into the following
GET request to the SP:
https://filesender.aco.net/Shibboleth.sso/Login?SAMLDS=1&target=https%3A%2F%2Ffilesender.aco.net%2F&entityID=https%3A%2F%2Fidp.example.net%2Fidp%2Fshibboleth

I.e., the static this.defaultReturn has now replaced the (dynamic,
desired) 'target' value with the (static, "default") 'target' value.
Meaning the subject always ends up at the "defaultReturn" URL and not
at the dynamic URL passed to the SP initially.

Any hints what I may be doing wrong here?

-peter
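
For reference, the round trip described above as the SAML Discovery Service protocol defines it, written as an added JavaScript example that is not part of the original post and is not the EDS's own code. The function names and the origin allowlist are assumptions; the request URL and IdP entityID are the ones quoted in the post.

```javascript
// Discovery request as quoted in the post (SP -> discovery page).
const REQUEST =
  "https://filesender.aco.net/login/?entityID=https%3A%2F%2Ffilesender.aco.net%2Fsaml" +
  "&return=https%3A%2F%2Ffilesender.aco.net%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1%26target%3D" +
  "ss%253Amem%253Aa3d5405cc4ec09b9b9b97e9ece9d899f438a9a69a6a8a3bd7ca91e5385c51150";

// Assumption: origins this discovery page is willing to send users back to.
const ALLOWED_RETURN_ORIGINS = ["https://filesender.aco.net"];

// Parse the DS-protocol query parameters and validate the 'return' URL.
function parseDiscoveryRequest(requestUrl) {
  const query = new URL(requestUrl).searchParams;
  const rawReturn = query.get("return"); // decoded once by URLSearchParams
  if (!rawReturn) {
    throw new Error("no 'return' parameter in discovery request");
  }
  const returnUrl = new URL(rawReturn); // throws on a malformed URL
  if (returnUrl.protocol !== "https:" ||
      !ALLOWED_RETURN_ORIGINS.includes(returnUrl.origin)) {
    throw new Error("return URL not allowed: " + returnUrl.origin);
  }
  return {
    spEntityID: query.get("entityID"),
    returnUrl,
    // The protocol lets the SP rename the response parameter; default is entityID.
    returnIDParam: query.get("returnIDParam") || "entityID",
  };
}

// Build the redirect back to the SP: the 'return' URL is kept as sent
// (including its per-request 'target' value) and only the chosen IdP is added.
function buildDiscoveryResponse(requestUrl, idpEntityID) {
  const { returnUrl, returnIDParam } = parseDiscoveryRequest(requestUrl);
  const response = new URL(returnUrl.href);
  response.searchParams.set(returnIDParam, idpEntityID);
  return response.href;
}

console.log(buildDiscoveryResponse(REQUEST, "https://idp.example.net/idp/shibboleth"));
```

The printed URL carries the per-request 'target' value from the 'return' parameter, whereas the request the post shows after setting a static defaultReturn carries target=https%3A%2F%2Ffilesender.aco.net%2F.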

