Problem

We try to access a Confluence page which contains a '#' in the URL. Access to the URL is possible, however the SAML Single Sign On plugin ignores everything  after the '#'.

Example

We created an anchor (called Boulder-Techniken) inside the page, which can be hyperlinked. To insert the anchor link, we have to type #Boulder-Techniken

https://<base-URL>/display/SPOR/Bouldern#Boulder-Techniken
CODE

Solution

The problem exists because the fragment (the part after and including the # character) is not sent to the server. There is also a related upstream bug at Atlassian https://jira.atlassian.com/browse/CONFSERVER-27175

The solution would be to instrument the IdP selection page and email IdP selection page with some JavaScript that adds the fragment to the 'redirectTo' parameter that gets sent to the IdP.

Example

Go to SAML Single Sign On Plugin Configuration → Page Templates. Based on your IdP Selection Method you need to modify the IdP Selection Page Template or IdP Selection by Email Page Template.

If in first IdP mode, we need to inject another page into the workflow. When modifying the IdP Selection Template, the a  tags (inside the velocity #foreach loop) need to get the class idpanchor:

#foreach($idp in $idps)
  <p>
    <a class="idplink idpanchor" href="$idp.ssoUrl">$idp.name</a> $idp.description
  </p>
#end
JS

Also, the following snippet needs to be included wherever (in the IdP Selection Template):

<script>
  AJS.toInit(function(){
    AJS.$("a.idpanchor").each(function() {
      var idpAnchor = $(this);
      var prevHref = idpAnchor.attr('href');
      idpAnchor.attr('href', prevHref + encodeURIComponent(window.location.hash));
    });
  });
</script>
CODE

This should make sure, that once the user lands on the IdP selection page, the snippet gets read in JS and the links amended.