From 3cce768c282b5111b17c5ca2361062716341cdec Mon Sep 17 00:00:00 2001
From: Daniel Moerner <daniel@clerk.dev>
Date: Tue, 5 Aug 2025 08:32:12 -0400
Subject: [PATCH] fix(HandleIDPInitiated): Remove recursive rlock

There is a recursive RLock in the path `HandleIDPInitiated` ->
`ServeIDPInitiated` -> `GetServiceProvider`. This can lead to deadlocks
under concurrent requests. The outer RLock is unnecessary, because
`GetServiceProvider` is the only call to access the protected
`serviceProviders` map, and it already guards acces with RLock.

For further context from a similar issue, see:
https://github.com/clerk/saml/commit/91716e8856a3a1723129577d6dfb5352d06fc837
---
 samlidp/shortcut.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/samlidp/shortcut.go b/samlidp/shortcut.go
index d361d1fa..f08efe7d 100644
--- a/samlidp/shortcut.go
+++ b/samlidp/shortcut.go
@@ -110,7 +110,5 @@ func (s *Server) HandleIDPInitiated(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	s.idpConfigMu.RLock()
-	defer s.idpConfigMu.RUnlock()
 	s.IDP.ServeIDPInitiated(w, r, shortcut.ServiceProviderID, relayState)
 }