Forum Discussion

iftomkins's avatar
iftomkins
Maven
10 years ago

SSO registration page strips anchor from URL when redirects

Background: Our community is private, so all users who view it are signed in with SSO. To participate (vote/reply/etc.), users must choose a username.   The Problem: When we send users to the SSO p...
  • JasonL's avatar
    JasonL
    10 years ago

    hi iftomkins

    Afraid it's not possible. if I understand correctly, the browser will not send the URL fragment to server

     

    Here's a quote from:

    https://blog.httpwatch.com/2011/03/01/6-things-you-should-know-about-fragment-urls/

    "

    2. Fragments Are not Sent in HTTP Request Messages

    If you try using fragment URLs in an HTTP sniffer like HttpWatch, you’ll never see the fragment IDs in the requested URL or Referer header. The reason is that the fragment identifier is only used by the browser – it doesn’t affect which resource is returned from the server.

    "

     

    Since the Server never gets the URL fragment ID, it will not be able to redirect with any fragment ID

iftomkins's avatar
iftomkins
Maven

Thanks, Jason! That's too bad. Do you know of any workarounds?

JasonL's avatar
JasonL
Lithium Alumni (Retired)
10 years ago

hi iftomkins

no workarounds that i'm aware of. 

 

but i do question if the URL fragment is really needed for your use case. by default, the "Reply" button is correctly mapped to the reply page message id so even after login redirection, it goes comes back reply page with the correct id (no need for the URL fragment)

  • iftomkins's avatar
    iftomkins
    Maven
    10 years ago

    This is a workaround to fix a "product limitation", as we've been told, where users who have been authenticated via SSO (but have not "registered" with a username), are not able to click the Vote button in the Ideas Exchange.

     

    For most Lithium instances, a non-registered user would be allowed to click it, then prompted to choose a username, and then redirected to the message they were viewing (with the vote action taken). However, this doesn't happen on our site. We've been told it's because we authenticate all users via SSO who view the site, so users are in a "partially registered" state.

     

    This workaround manually adds a link to the disabled button, which allows users to click it and be directed to choose a username on the SSO registration page, then returned to the page they were on. We were trying to use the "fragment" to return people to the exact same message they were voting on.