iftomkins
10 years ago

SSO registration page strips anchor from URL when redirecting

Background: Our community is private, so all users who view it are signed in with SSO. To participate (vote/reply/etc.), users must choose a username.

The Problem: When we send users to the SSO page with a dest_url including an anchor tag, the anchor tag is stripped. (This is part of a workaround where we send users to the SSO registration page manually when they click "Vote" on an idea, because the default Lithium behavior was to disable the action.)

For example, when users are on the SSO registration page, they are at this URL:

https://community.stage.fitbit.com/t5/user/ssoregistrationpage?dest_url=https://community.stage.fitbit.com/t5/Share-Your-Story/MY-EYES-HURT/m-p/717#M33

Once users choose a username, they are redirected to:

https://community.stage.fitbit.com/t5/Share-Your-Story/MY-EYES-HURT/m-p/717

The #M33 anchor on the end is missing! How do we make the anchor tag stay when the SSO page is redirecting to the dest_url value?

Thanks!

4 Replies

  • JasonL
    Lithium Alumni (Retired)
    10 years ago

    Hi iftomkins

    Afraid it's not possible. If I understand correctly, the browser will not send the URL fragment to the server.

    Here's a quote from:

    https://blog.httpwatch.com/2011/03/01/6-things-you-should-know-about-fragment-urls/

    "2. Fragments Are not Sent in HTTP Request Messages

    If you try using fragment URLs in an HTTP sniffer like HttpWatch, you’ll never see the fragment IDs in the requested URL or Referer header. The reason is that the fragment identifier is only used by the browser – it doesn’t affect which resource is returned from the server."

    Since the server never gets the URL fragment ID, it will not be able to redirect with any fragment ID.
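
The behavior described in this answer, applied to the URL from the question, as an added example that is not part of the original thread: it shows which part of the link reaches the server and which part stays in the browser, and how that changes when the dest_url value is percent-encoded. The function names are hypothetical, and whether the SSO registration page keeps an encoded fragment when it redirects is not stated anywhere in the thread.

```javascript
// Added example (not from the thread). URLs are the ones quoted in the question;
// all function names are hypothetical.
const PAGE = "https://community.stage.fitbit.com/t5/user/ssoregistrationpage";
const DEST =
  "https://community.stage.fitbit.com/t5/Share-Your-Story/MY-EYES-HURT/m-p/717#M33";

// Link as written in the question: dest_url appended without encoding.
function buildRawLink(dest) {
  return PAGE + "?dest_url=" + dest;
}

// Same link with the parameter value percent-encoded, so '#' becomes %23.
function buildEncodedLink(dest) {
  return PAGE + "?dest_url=" + encodeURIComponent(dest);
}

// Request target the browser sends: path + query, never the fragment.
function requestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// dest_url as a server would decode it from the query string.
function destSeenByServer(href) {
  return new URL(href).searchParams.get("dest_url");
}

// Part of the link that is only ever visible client-side.
function clientOnlyFragment(href) {
  return new URL(href).hash;
}

for (const [label, href] of [
  ["raw", buildRawLink(DEST)],
  ["encoded", buildEncodedLink(DEST)],
]) {
  console.log(label);
  console.log("  request target :", requestTarget(href));
  console.log("  server dest_url:", destSeenByServer(href));
  console.log("  browser-only   :", JSON.stringify(clientOnlyFragment(href)));
}
```

In the raw form `#M33` is parsed as the fragment of the registration-page URL itself, so it is never part of the dest_url parameter the server reads.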

  • iftomkins
    Maven
    10 years ago

    Thanks, Jason! That's too bad. Do you know of any workarounds?

  • JasonL
    Lithium Alumni (Retired)
    10 years ago

    Hi iftomkins

    No workarounds that I'm aware of.

    But I do question if the URL fragment is really needed for your use case. By default, the "Reply" button is correctly mapped to the reply page message id, so even after login redirection, it comes back to the reply page with the correct id (no need for the URL fragment).

  • iftomkins
    Maven
    10 years ago

    This is a workaround to fix a "product limitation", as we've been told, where users who have been authenticated via SSO (but have not "registered" with a username), are not able to click the Vote button in the Ideas Exchange.

    For most Lithium instances, a non-registered user would be allowed to click it, then prompted to choose a username, and then redirected to the message they were viewing (with the vote action taken). However, this doesn't happen on our site. We've been told it's because we authenticate all users via SSO who view the site, so users are in a "partially registered" state.

    This workaround manually adds a link to the disabled button, which allows users to click it and be directed to choose a username on the SSO registration page, then returned to the page they were on. We were trying to use the "fragment" to return people to the exact same message they were voting on.