From eea362969ece020e6b0c924dc8fae8f4adc493ad Mon Sep 17 00:00:00 2001
From: Kraiem Taha Yassine
Date: Wed, 6 Mar 2024 18:59:49 +0100
Subject: [PATCH] fix(chalice): check relayState type for SSO (#1932)
---
 ee/api/routers/saml.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/ee/api/routers/saml.py b/ee/api/routers/saml.py
index dd7819f9e..aeaa107f2 100644
--- a/ee/api/routers/saml.py
+++ b/ee/api/routers/saml.py
@@ -44,8 +44,20 @@ async def process_sso_assertion(request: Request):
 logger.error("Received invalid post_data")
 logger.error("type: {}".format(type(post_data)))
 logger.error(post_data)
+ post_data = {}
+
+ redirect_to_link2 = None
+ relay_state = post_data.get('RelayState')
+ if relay_state:
+ if isinstance(relay_state, str):
+ relay_state = json.loads(relay_state)
+ elif not isinstance(relay_state, dict):
+ logger.error("Received invalid relay_state")
+ logger.error("type: {}".format(type(relay_state)))
+ logger.error(relay_state)
+ relay_state = {}
+ redirect_to_link2 = relay_state.get("iFrame")
- redirect_to_link2 = post_data.get('RelayState', {}).get("iFrame")
 request_id = None
 if 'AuthNRequestID' in session:
 request_id = session['AuthNRequestID']
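Review bot: The `json.loads(relay_state)` call in the added block is unguarded, and its result is never type-checked because the dict check sits in the `elif`. RelayState arrives in the POST body and is not covered by the assertion signature, so it should be treated as untrusted input. A non-JSON string raises out of the handler, and a string that parses to a list, number or string reaches `relay_state.get("iFrame")` and fails with AttributeError. Wrapping the parse in `try/except ValueError` and turning the `elif` into a separate `if not isinstance(relay_state, dict):` covers both cases. The hunk does not show whether `json` is imported in this file, and `process_sso_assertion` continues outside it, so how `redirect_to_link2` is used later should be checked separately.

```python
    relay_state = post_data.get('RelayState')
    if relay_state:
        if isinstance(relay_state, str):
            try:
                relay_state = json.loads(relay_state)
            except ValueError:
                logger.error("Received non-JSON relay_state")
                relay_state = {}
        if not isinstance(relay_state, dict):
            # ... unchanged: the three logger.error calls for an invalid relay_state ...
            relay_state = {}
        redirect_to_link2 = relay_state.get("iFrame")
```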