fix optional SAML/Shibboleth login fails when proxying as form field with name "auth=saml" get lost

api/js/login.js

@@ -59,12 +59,19 @@ egw_LAB.wait(function()
 		]);
 
 		// automatic submit of SAML IdP selection
-		jQuery('select.onChangeSubmit').on('change', function() {
+		jQuery('select[name="auth=saml"]').on('change', function() {
 			if (this.value) {
-				this.form.method = 'GET';
+				this.form.method = 'get';
+				jQuery(this.form).append('<input type="hidden" name="auth" value="saml"/>');
+				jQuery(this.form).append('<input type="hidden" name="idp" value="'+this.value+'"/>');
 				this.form.submit();
 			}
 		});
+		// or optional SAML login with a button for a single IdP
+		jQuery('input[type="submit"][name="auth=saml"]').on('click', function(){
+			this.form.method = 'get';
+			jQuery(this.form).append('<input type="hidden" name="auth" value="saml"/>');
+		});
 	});
 });
 

api/src/Auth.php

@@ -128,13 +128,6 @@ class Auth
 		{
 			$type = $_REQUEST['auth'];
 		}
-		elseif (($auth = array_filter($_REQUEST, function($key)
-			{
-				return substr($key, 0, 5) === 'auth=';
-			}, ARRAY_FILTER_USE_KEY)) && !empty(current($auth)))
-		{
-			$type = substr(key($auth), 5);
-		}
 		// to not allow enabling all sort of auth plugins by simply calling login.php?auth=xyz we require the
 		// plugin to be enabled via "${auth}_discovery" server config
 		if (!empty($type) && empty($GLOBALS['egw_info']['server'][$type.'_discovery']))

api/src/Auth/Saml.php

@@ -113,8 +113,8 @@ class Saml implements BackendSSO
 	{
 		// login (redirects to IdP)
 		$as = new SimpleSAML\Auth\Simple(self::$auth_source);
-		$as->requireAuth(preg_match('|^https://|', $_REQUEST['auth=saml']) ?
-			['saml:idp' => $_REQUEST['auth=saml']] : []);
+		$as->requireAuth(preg_match('|^https://|', $_REQUEST['idp']) ?
+			['saml:idp' => $_REQUEST['idp']] : []);
 
 		/* cleanup session for EGroupware: currently NOT used as we share the session with SimpleSAMLphp
 		$session = SimpleSAML\Session::getSessionFromRequest();