From a65ad08ec183f15e7d708b877e45383730abdb63 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Thu, 20 Jun 2019 11:54:39 +0100
Subject: [PATCH] Add a slash on the login redirect URL only when necessary

---
 src/mod_sso/mod_sso.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/mod_sso/mod_sso.c b/src/mod_sso/mod_sso.c
index 1cd6b98..7fef0a6 100644
--- a/src/mod_sso/mod_sso.c
+++ b/src/mod_sso/mod_sso.c
@@ -490,6 +490,14 @@ static int mod_sso_method_handler(request_rec *r) {
   return DECLINED;
 }
 
+static int ends_with_slash(const char *s) {
+  int l = strlen(s);
+  if (l < 1) {
+    return 0;
+  }
+  return s[l-1] == '/';
+}
+
 static int redirect_to_login_server(request_rec *r, modsso_config *s_cfg,
                                     const char *service_host,
                                     const char *service, const char **groups,
@@ -499,7 +507,8 @@ static int redirect_to_login_server(request_rec *r, modsso_config *s_cfg,
 
   dest = full_uri(r, service_host);
   login_url = apr_pstrcat(r->pool, "https://", s_cfg->login_server,
-                          "/?s=", modsso_url_encode(r->pool, service),
+                          ends_with_slash(s_cfg->login_server) ? "" : "/",
+                          "?s=", modsso_url_encode(r->pool, service),
                           "&d=", modsso_url_encode(r->pool, dest), NULL);
   if (s_cfg->session_key != NULL) {
     // If we have a session key, send a nonce to the login server. We
-- 
GitLab