Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SSO - SAML, Redirect a user to a specified landing page after successful log in

Tags:

single-sign-on

saml

opensaml

I am implementing SSO where I am the Identity Provider, right now I am able to successfully log into the Service Provider. But it takes me to the home page. I want to specify the landing page URL when I post the response. Have searched quite a lot but could not find anything convincing. Do not quite know which element of the SAML response carries the Landing page URL or is the in the form that I have to specify. Using java and opensaml libraries to generate the response.

like image 240
user3391212 Avatar asked Jan 23 '15 19:01

user3391212

People also ask

What is SAML redirect?

HTTP redirect enables SAML protocol messages to be transmitted within URL parameters. It enables SAML requestors and responders to communicate by using an HTTP user agent as an intermediary.

How does SSO redirection work?

Whenever users go to a domain that requires authentication, they are redirected to the authentication domain. As users are already logged-in at that domain, they can be immediately redirected to the original domain with the necessary authentication token.

1 Answers

Though it is not in the SAML specs, a de-facto standard is to use the RelayState element for that. It is added as a parameter in the response in addition to the SAMLResponse parameter and value of the landing URL. Sample HTML page from http://en.wikipedia.org/wiki/SAML_2.0 for an IDP using the POST binding for the response:

<form method="post" action="https://sp.example.com/SAML2/SSO/POST" ...>
    <input type="hidden" name="SAMLResponse" value="<response>" />
    <input type="hidden" name="RelayState" value="<url>" />
    ...
    <input type="submit" value="Submit" />
</form>

Edit:
Just to be clear, the RelayState parameter declaration is part of the specs and it is included to allow for passing arbitrary state between SP and IDP. Using it for passing a URL that defines the landing page is not defined in the spec but is de-facto standard usage. Any usage of RelayState in IDP-init-SSO would depend on a pair-wise agreement between IDP and SP and this is just an agreement that makes sense, is useful and thus has been widely adopted.

like image 130
Hans Z. Avatar answered Oct 08 '22 18:10

Hans Z.
Sign in to Comment

Related questions

The right way to handle accounts in AD to have SSO for different applications
Integrated Windows authentication in Microsoft Edge
SSO login not working in iframe after chrome update
Two web apps on one domain with different context roots?
Facebook Connect SSO not working on some iPhones
How to configure Custom Attributes in SP metadata
OAuth2 Client (Python/Django)
Sharing a session between Ruby and PHP
What is this Waffle SSO example doing
Single-sign-on: Which direction should I go?
How does SAML solve SSO?
Active Directory and Firebase
OpendID Connect and IDP Initiated SSO
Implement SSO using CAS + Spring Security
Redirect Loop Problem for Web Policy Agent?
How is the principal identified in the AuthnRequest for SAML 2.0 Web Browser SSO
Single sign on in ASP.NET - cookie name, machineKey and what more?
Disqus SSO - Not working
How to setup Kibana SSO (through OAuth)?
How to connect Mediawiki to a custom user-database?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!