From 8ae94f598b03b0c0154f5bc3d6bf8aa2963f00f2 Mon Sep 17 00:00:00 2001
From: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com>
Date: Wed, 22 Jan 2025 11:46:32 +0530
Subject: [PATCH] [Fix-19437] Redirection issue on IDP initiated calls (#19443)

Co-authored-by: Siddhant <86899184+Siddhanttimeline@users.noreply.github.com>
Co-authored-by: Sriharsha Chintalapani <harshach@users.noreply.github.com>
(cherry picked from commit 5064602dc8228cfd0c60b31f07d6447851f8a226)
---
 .../saml/SamlAssertionConsumerServlet.java    | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.java
index 2bc6a9cbd2b..516ba6d54e8 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlAssertionConsumerServlet.java
@@ -130,17 +130,22 @@ public class SamlAssertionConsumerServlet extends HttpServlet {
       // Redirect with JWT Token
       String redirectUri = (String) req.getSession().getAttribute(SESSION_REDIRECT_URI);
       String url =
-          redirectUri
-              + "?id_token="
-              + jwtAuthMechanism.getJWTToken()
-              + "&email="
-              + nameId
-              + "&name="
-              + username;
+          String.format(
+              "%s?id_token=%s&email=%s&name=%s",
+              (nullOrEmpty(redirectUri) ? buildBaseRequestUrl(req) : redirectUri),
+              jwtAuthMechanism.getJWTToken(),
+              nameId,
+              username);
       resp.sendRedirect(url);
     }
   }
 
+  private String buildBaseRequestUrl(HttpServletRequest req) {
+    // In case of IDP initiated one it needs to be built on fly, since the session might not exist
+    return String.format(
+        "%s://%s:%s/saml/callback", req.getScheme(), req.getServerName(), req.getServerPort());
+  }
+
   private JwtResponse getJwtResponseWithRefresh(
       User storedUser, JWTAuthMechanism jwtAuthMechanism) {
     RefreshToken newRefreshToken = TokenUtil.getRefreshToken(storedUser.getId(), UUID.randomUUID());