diff --git a/extensions/guacamole-auth-openid/src/main/resources/config/openidConfig.js b/extensions/guacamole-auth-openid/src/main/resources/config/openidConfig.js index 12bc0dabb..5d0b6b22f 100644 --- a/extensions/guacamole-auth-openid/src/main/resources/config/openidConfig.js +++ b/extensions/guacamole-auth-openid/src/main/resources/config/openidConfig.js @@ -31,24 +31,3 @@ angular.module('guacOpenID').config(['formServiceProvider', }); }]); - -/** - * Config block which augments the existing routing, providing special handling - * for the "id_token=" fragments provided by OpenID Connect. - */ -angular.module('index').config(['$routeProvider', - function indexRouteConfig($routeProvider) { - - // Transform "/#/id_token=..." to "/#/?id_token=..." - $routeProvider.when('/id_token=:response', { - - template : '', - controller : ['$location', function reroute($location) { - var params = $location.path().substring(1); - $location.url('/'); - $location.search(params); - }] - - }); - -}]); diff --git a/extensions/guacamole-auth-openid/src/main/resources/transformToken.js b/extensions/guacamole-auth-openid/src/main/resources/transformToken.js new file mode 100644 index 000000000..7ebd18395 --- /dev/null +++ b/extensions/guacamole-auth-openid/src/main/resources/transformToken.js @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * Before AngularJS routing takes effect, test whether the URL fragment + * contains an OpenID Connect "id_token" parameter, and reformat the fragment + * such that the client side of Guacamole's authentication system will + * automatically forward the "id_token" value for server-side validation. + * + * Note that not all OpenID identity providers will include the "id_token" + * parameter in the first position; it may occur after several other parameters + * within the hash. + */ +(function guacOpenIDTransformToken() { + + // Transform "/#id_token=..." to "/#/?id_token=..." + if (/(^#|&)id_token=/.test(location.hash)) + location.hash = '/?' + location.hash.substring(1); + +})();