From 7055fb9a42c30c87b61778f89451edbd0e5ecdf4 Mon Sep 17 00:00:00 2001
From: Kraiem Taha Yassine
Date: Mon, 11 Jul 2022 11:55:51 +0200
Subject: [PATCH] v1.7.0 hotfix (#591) feat(api): check forwarded SSO path
---
 ee/api/chalicelib/utils/SAML2_helper.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ee/api/chalicelib/utils/SAML2_helper.py b/ee/api/chalicelib/utils/SAML2_helper.py
index c00081d2c..5d8ee5ffc 100644
--- a/ee/api/chalicelib/utils/SAML2_helper.py
+++ b/ee/api/chalicelib/utils/SAML2_helper.py
@@ -97,12 +97,14 @@ async def prepare_request(request: Request):
 # add / to /acs
 if not path.endswith("/"):
 path = path + '/'
+ if not path.startswith("/api"):
+ path = "/api" + path
 return {
 'https': 'on' if proto == 'https' else 'off',
 'http_host': request.headers['host'],
 'server_port': url_data.port,
- 'script_name': "/api" + path,
+ 'script_name': path,
 'get_data': request.args.copy(),
 # Uncomment if using ADFS as IdP, https://github.com/onelogin/python-saml/pull/144
 # 'lowercase_urlencoding': True,
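Review bot: The added guard `if not path.startswith("/api"):` is a raw string-prefix test, so any path that merely begins with those four characters (for example a constructed `/apix/acs/`) is treated as already prefixed and passed through unchanged as `script_name`. Since the lines just above guarantee that `path` ends in `/`, matching on the segment boundary is enough: `if not path.startswith("/api/"):`. `script_name` presumably feeds the URL that the SAML toolkit compares with the response's Destination, so an inexact match here would surface as a validation failure or, if strict mode is off, as a silently wrong URL. It is also worth confirming that `path` (assigned above the hunk, not visible here) and `request.headers['host']` are set by the trusted proxy rather than taken from client-supplied forwarding headers. prepare_request starts before this hunk and the returned dict continues past it.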