From 612f88e89d29db7b989e2d0fb8b1e59cc1a227f8 Mon Sep 17 00:00:00 2001 From: Kevin Date: Wed, 8 Feb 2023 10:58:21 -0800 Subject: [PATCH 1/3] fix: roles detection regex --- lambda/samlpost/index.html | 2 +- lambda/samlpost/index.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lambda/samlpost/index.html b/lambda/samlpost/index.html index ce0ed16..839b302 100644 --- a/lambda/samlpost/index.html +++ b/lambda/samlpost/index.html @@ -406,7 +406,7 @@ function parseSAMLResponse(samlResponse) { //let capturingRegex = new RegExp(">(?arn:aws:iam::\\d+:saml-provider/\\S+),(?arn:aws::iam::(?\\d+):role/(?\\w+))<"); let capturingRegex = new RegExp( - ">(arn:aws:iam::\\d+:saml-provider/\\S+),(arn:aws:iam::(\\d+):role/(\\w+))<", + ">(arn:aws:iam::\\d+:saml-provider/[a-zA-Z0-9-_@=+.]+),(arn:aws:iam::(\\d+):role/([a-zA-Z0-9-_@=+.]+))<", "gi" ); ///>(arn:aws:iam::\d+:saml-provider\/\S+),(arn:aws:iam::(\d+):role\/(\w+))(?arn:aws:iam::\\d+:saml-provider/\\S+),(?arn:aws::iam::(?\\d+):role/(?\\w+))<"); - let capturingRegex = new RegExp(">(arn:aws:iam::\\d+:saml-provider/\\S+),(arn:aws:iam::(\\d+):role/(\\w+))<", "gi"); + let capturingRegex = new RegExp(">(arn:aws:iam::\\d+:saml-provider/[a-zA-Z-_@=+.]+),(arn:aws:iam::(\\d+):role/([a-zA-Z-_@=+.]+))<", "gi"); ///>(arn:aws:iam::\d+:saml-provider\/\S+),(arn:aws:iam::(\d+):role\/(\w+)) Date: Wed, 8 Feb 2023 10:59:52 -0800 Subject: [PATCH 2/3] fix: Logout URL construction --- lambda/samlpost/index.html | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lambda/samlpost/index.html b/lambda/samlpost/index.html index 839b302..1dd2787 100644 --- a/lambda/samlpost/index.html +++ b/lambda/samlpost/index.html 
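Review bot: The new character classes in `capturingRegex` leave out `/` and `,`, so a role ARN that carries a path (`role/<path>/<name>`) or a role name containing a comma would not match and would presumably be missing from the detected roles; please confirm whether such roles can appear in the assertion. The hyphen sits mid-class (`0-9-_`), which JavaScript reads as a literal but which looks like a range, so `[a-zA-Z0-9_@=+.-]+` with the hyphen last is clearer. The same pattern is duplicated in `lambda/samlpost/index.js` in this patch, where `0-9` was left out and only restored by the last hunk on this page; a single shared definition, or a comment tying the two copies together, would stop them drifting again. `parseSAMLResponse` continues outside the hunk, so how the capture groups are consumed is not visible here.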
@@ -194,9 +194,12 @@ decodedSAMLResponse )}/protocol/saml/clients/amazon-aws`; - const logoutURL = `${getSAMLIssuer( - decodedSAMLResponse - )}/protocol/openid-connect/logout`; + const samlIssuerURL = getSAMLIssuer(decodedSAMLResponse) + const CaptureURLRegex = new RegExp( + "((http[s]):\\/?\\/?[^:\\/\\s]+)(\\/\\w+)*\\/[\\w\\-\\.]+[^#?\\s]+.*?(#[\\w\\-]+)?$" + ) + let ParsedURL = samlIssuerURL.match(CaptureURLRegex) + const logoutURL = `${ParsedURL[1]}/auth/realms/standard/protocol/openid-connect/logout` $("#logout").html( `(?arn:aws:iam::\\d+:saml-provider/\\S+),(?arn:aws::iam::(?\\d+):role/(?\\w+))<"); - let capturingRegex = new RegExp(">(arn:aws:iam::\\d+:saml-provider/[a-zA-Z-_@=+.]+),(arn:aws:iam::(\\d+):role/([a-zA-Z-_@=+.]+))<", "gi"); + let capturingRegex = new RegExp(">(arn:aws:iam::\\d+:saml-provider/[a-zA-Z0-9-_@=+.]+),(arn:aws:iam::(\\d+):role/([a-zA-Z0-9-_@=+.]+))<", "gi"); ///>(arn:aws:iam::\d+:saml-provider\/\S+),(arn:aws:iam::(\d+):role\/(\w+))
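Review bot: `samlIssuerURL.match(CaptureURLRegex)` returns `null` when the issuer does not fit the pattern (for example a host with an explicit port, since `[^:\\/\\s]+` stops at `:`), and the next line then throws on `ParsedURL[1]`. The pattern is also unanchored at the start and its host part accepts any character other than `:`, `/` and whitespace, so quotes or angle brackets in the issuer would survive into `logoutURL`, which appears to be interpolated into the `$("#logout").html(` call that follows (the rest of that call is not readable on this page). Because the issuer is taken from the SAML response, parsing it with the URL API and checking the scheme is safer: `const { origin, protocol } = new URL(samlIssuerURL);` followed by `if (protocol !== "https:") throw new Error("unexpected SAML issuer");`, then build the link from `origin`. Setting the link through `.attr("href", logoutURL)` and `.text(...)` rather than an HTML string would keep markup out of the page whatever the issuer contains.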