Update webserver.js - allow saml relaystate in POST request

[nmmclwhitehead]

added relaystate and regex check to prevent redirecting to a page outside of the configured server. also checks for the allowed query params

ref #6272

[si458]

the is lots more RegExp to check, below is the ones ive found you missed
hint look for urlargs in the handlebars files

lang
sitestyle
key
locale
user
pass
gotomesh
gotouser
gotougrp
debug
filter
webrtc
hide

[si458]

What provider did you use to test relaystate?
As I just couldn't get it working my side
Also how did you set it up etc?

[nmmclwhitehead]

adfs

ylian's guide is still pretty good https://ylianst.github.io/MeshCentral/other/adfs_sso_guide/

also relaystate has to be enable on the adfs server Set-AdfsProperties -EnableRelayStateForIdpInitiatedSignOn $true

[si458]

@nmmclwhitehead ah right ok!
Never realised windows active directory supported sso by url!
Learn something new every day!

[nmmclwhitehead]

@si458 tested the following and can confirm they work (note the viewmode also has to be set to the correct id)
sitestyle
gotomesh
gotouser
gotougrp
gotodevicename
gotodeviceip
viewmode(on its own)

[si458]

@nmmclwhitehead thats great!
now we need to set your url as RelayState which then gets passed to your provider!
sorry ive been snowed under so i can have alook at that this weekend when i have some free time!

[si458]

this might also fix this old issue too #4882

[nmmclwhitehead]

@si458 no problem , whenever you get chance.

i guess it could be if you use the /auth-saml url then check for additional query params. then build and set the relaystate

not sure if you can use relaystate with OAuth, openid etc

[nmmclwhitehead]

@si458 okay yeah looks like this can be done with req.query

ill have a look ... see what you think after i make the commit :)