I am implementing SSO where I am the Identity Provider, right now I am able to successfully log into the Service Provider. But it takes me to the home page. I want to specify the landing page URL when I post the response. Have searched quite a lot but could not find anything convincing. Do not quite know which element of the SAML response carries the Landing page URL or is the in the form that I have to specify. Using java and opensaml libraries to generate the response.
HTTP redirect enables SAML protocol messages to be transmitted within URL parameters. It enables SAML requestors and responders to communicate by using an HTTP user agent as an intermediary.
Whenever users go to a domain that requires authentication, they are redirected to the authentication domain. As users are already logged-in at that domain, they can be immediately redirected to the original domain with the necessary authentication token.
Though it is not in the SAML specs, a de-facto standard is to use the RelayState
element for that. It is added as a parameter in the response in addition to the SAMLResponse
parameter and value of the landing
URL. Sample HTML page from http://en.wikipedia.org/wiki/SAML_2.0 for an IDP using the POST
binding for the response:
<form method="post" action="https://sp.example.com/SAML2/SSO/POST" ...>
<input type="hidden" name="SAMLResponse" value="<response>" />
<input type="hidden" name="RelayState" value="<url>" />
...
<input type="submit" value="Submit" />
</form>
Edit:
Just to be clear, the RelayState
parameter declaration is part of the specs and it is included to allow for passing arbitrary state between SP and IDP. Using it for passing a URL that defines the landing page is not defined in the spec but is de-facto standard usage. Any usage of RelayState
in IDP-init-SSO would depend on a pair-wise agreement between IDP and SP and this is just an agreement that makes sense, is useful and thus has been widely adopted.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With