Don't add different states twice to the same URL

controllers/main.py

@@ -97,6 +97,12 @@
 class AuthSAMLController(http.Controller):
 
     def get_state(self, provider_id):
+        """Compute a state to be sent to the IDP so it can forward it back to
+        us.
+
+        :rtype: Dictionary.
+        """
+
         redirect = request.params.get('redirect') or 'web'
         if not redirect.startswith(('//', 'http://', 'https://')):
             redirect = '%s%s' % (
@@ -121,6 +127,9 @@
         provider_osv = request.registry.get('auth.saml.provider')
 
         auth_request = None
+
+        # store a RelayState on the request to our IDP so that the IDP
+        # can send us back this info alongside the obtained token
         state = self.get_state(provider_id)
 
         try:
@@ -133,16 +142,7 @@
 
         # TODO: handle case when auth_request comes back as None
 
-        # store a RelayState on the request to our IDP so that the IDP
-        # can send us back this info alongside the obtained token
-        params = {
-            "RelayState":  simplejson.dumps({
-                "d": request.session.db,
-                "p": pid,
-            }),
-        }
-        url = auth_request + "&" + werkzeug.url_encode(params)
-        redirect = werkzeug.utils.redirect(url, 303)
+        redirect = werkzeug.utils.redirect(auth_request, 303)
         redirect.autocorrect_location_header = True
         return redirect