A few comments:
- Could you make sure that it also works for schemes other than http? Although quite unlikely (because of the "SAMLRequest"), it would fail if it happens.
- The "SAMLRequest" string index is searched in the whole URL, not in the query param, which is an open door for any website with a link to e.g. http://www.blabla.SAMLRequest/* to be whitelisted.
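
The two points raised in the comment above, as an added example that is not code from the pull request under review: a substring match over the whole URL next to a check that parses the URL, ignores the scheme, and accepts "SAMLRequest" only as a query parameter name. The function names and the sample URLs (apart from the one quoted in the comment) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

MARKER = "SAMLRequest"


def is_saml_substring(url: str) -> bool:
    """The behaviour the comment describes: marker searched anywhere in the URL."""
    return MARKER in url


def is_saml_query_param(url: str) -> bool:
    """Scheme-independent check: marker must be a query parameter with a value."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return False  # not an absolute URL, nothing to match on
    # parse_qs splits on '&' and '=' and percent-decodes names and values;
    # parameters with an empty value are dropped by default.
    return MARKER in parse_qs(parts.query)


# Constructed sample URLs -> expected result of the query-parameter check.
SAMPLES = {
    "https://idp.example.org/sso?SAMLRequest=fZJNb&RelayState=abc": True,
    "http://idp.example.org/sso?RelayState=abc&SAMLRequest=fZJNb": True,
    "http://www.blabla.SAMLRequest/anything": False,         # marker in host
    "https://site.example.org/SAMLRequest/page?x=1": False,  # marker in path
    "https://site.example.org/page#SAMLRequest=1": False,    # marker in fragment
    "https://site.example.org/page?notSAMLRequest=1": False, # marker inside a name
    "https://idp.example.org/sso?SAMLRequest=": False,       # empty value
}


def compare(samples=SAMPLES):
    """Return {url: (substring_result, query_param_result)} for each sample."""
    return {u: (is_saml_substring(u), is_saml_query_param(u)) for u in samples}


if __name__ == "__main__":
    for url, (naive, strict) in compare().items():
        print(f"substring={naive!s:5} query={strict!s:5} {url}")
```

Every sample passes the substring check, including the host, path and fragment cases; only the first two pass the query-parameter check.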