
WSO2 Identity Server SAML SSO return url

Is it possible somehow to pass a return url to the Identity Server when performing a SAML SSO and have that url posted back to my assertion url when the user authenticates successfully?

asked Oct 22 '22 07:10

Adrian Mitev


1 Answer

The RelayState (described here) parameter that is sent to the IdP can be used to post the return URL to the IdP and have it back when the Authentication Response is sent back from the IdP. Of course, as this is an HTTP POST parameter, if you store a URL there it has to be properly encoded/decoded.

However, keep in mind that this might be used by an attacker to trick the user to open a trusted URL (that of the identity server) and redirect it to a malicious site. To prevent this, the redirect URL should be validated.

answered Nov 25 '22 22:11

Adrian Mitev
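
The validation step the answer calls for, sketched for the service provider's assertion consumer endpoint. This is an added example, not code from the original post or from WSO2; the origin `app.example.com`, the default landing page and the function names are assumptions for illustration.

```python
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed for illustration: the SP's own origin and its fallback landing page.
ALLOWED_ORIGINS = {("https", "app.example.com")}
DEFAULT_RETURN_URL = "https://app.example.com/"


def relay_state_param(return_url: str) -> str:
    """Form-encode the return URL as the RelayState parameter sent to the IdP."""
    return urlencode({"RelayState": return_url})


def relay_state_from_form(body: str) -> Optional[str]:
    """Decode RelayState from a form-encoded POST body (most frameworks do this)."""
    return parse_qs(body).get("RelayState", [None])[0]


def safe_return_url(relay_state: Optional[str]) -> str:
    """Validate the form-decoded RelayState posted back with the SAML response.

    Returns it only if it is an absolute URL on an allowed origin,
    otherwise the default landing page.
    """
    if not relay_state or relay_state != relay_state.strip():
        return DEFAULT_RETURN_URL
    # Backslashes and control characters are interpreted differently by
    # browsers and URL parsers, so reject them outright.
    if "\\" in relay_state or any(ord(c) < 0x20 or ord(c) == 0x7F for c in relay_state):
        return DEFAULT_RETURN_URL
    try:
        parts = urlsplit(relay_state)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return DEFAULT_RETURN_URL
    if parts.username is not None or parts.password is not None:
        return DEFAULT_RETURN_URL  # userinfo hides the real host after "@"
    if port not in (None, 443):
        return DEFAULT_RETURN_URL
    if (parts.scheme, parts.hostname) not in ALLOWED_ORIGINS:
        return DEFAULT_RETURN_URL
    return relay_state
```

Call `safe_return_url` only after the SAML response itself has been verified, and redirect to its return value rather than to the raw parameter.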