From a8f96e06bdb6dbc346fc95715e0bf2c7448ced41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?=
Date: Tue, 11 Jul 2023 21:50:55 +0200
Subject: [PATCH] Automatically whitelist the SAML IIDP domain for external redirect

This fixes issue #318
---
 config/packages/nelmio_security.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/packages/nelmio_security.yaml b/config/packages/nelmio_security.yaml
index d97b3983..c8d24af0 100644
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@@ -12,6 +12,9 @@ nelmio_security:
 external_redirects:
 abort: true
 log: true
+ allow_list:
+ # Whitelist the domain of the SAML IDP, so we can redirect to it during the SAML login process
+ - '%env(string:key:host:url:SAML_IDP_SINGLE_SIGN_ON_SERVICE)%'

 # forces Microsoft's XSS-Protection with
 # its block mode
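Review bot: The new `allow_list` entry under `external_redirects` is resolved from `SAML_IDP_SINGLE_SIGN_ON_SERVICE` unconditionally, so this exemption from `abort: true` exists on every install, including those that never enable SAML. Whatever host that variable holds becomes a permitted external redirect target, which makes the variable security-relevant configuration, and the comment should say so. As far as I know the `url` env processor raises when the value is empty or lacks a scheme and host, so please confirm a well-formed default is always defined (none is visible in this hunk). The bundle's allow list also appears to match subdomains of each listed host, so an IdP served from a shared parent domain would exempt more than the sign-on endpoint. I would extend the comment along the lines of `# Host of the SAML IdP SSO URL; subdomains match too, and the variable must hold a full URL even when SAML is disabled`.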