SimpleSAMLphp prior to 1.15.2 allows remote malicious users to bypass an open redirect protection mechanism via crafted authority data in a URL.
simplesamlphp simplesamlphp