AD FS and RelayState
Robert Lowe
robertmlowe at rmlowe.com
Thu Aug 20 09:55:08 EDT 2015
One of our clients uses AD FS as their IdP, and is claiming that AD FS
requires that RelayState be sent in a specific format, something like this:
RPID=https%3A%2F%2Ffedp.com&RelayState=RPID%3Dhttps%253A%252F%252Frelyingpartyapp%26wctx%3Dappid%253D45%2526foo%253Dbar
They are citing this blog post as an example:
http://www.confusedamused.com/notebook/adfs-relaystate/
If true, this would obviously not be compliant with the spec. I'm
skeptical, as the sources seem to be referring to IdP-initiated SSO only.
I guess my questions to the list are:
1. Can anyone confirm or refute the claim; and
2. If this is indeed required, is there any way to make the Shibboleth
SP generate RelayState in the appropriate format?
--
Best regards,
Robert Lowe
http://crepuscular.rmlowe.com/
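
The string quoted in the message carries three layers of percent-encoding, one per nesting level. The following sketch is an added example, not part of the original message or of any Shibboleth or AD FS code; it peels the layers apart and rebuilds them. The function names and `NESTED_KEYS` are assumptions, and treating `RelayState` and `wctx` as nested query strings is inferred only from the quoted string.

```python
from urllib.parse import parse_qsl, quote

# The RelayState string exactly as quoted in the message above.
QUOTED = ("RPID=https%3A%2F%2Ffedp.com&RelayState=RPID%3Dhttps%253A%252F%252F"
          "relyingpartyapp%26wctx%3Dappid%253D45%2526foo%253Dbar")

# Assumption: these fields hold a query string of their own (one extra
# encoding layer each); every other field is a plain value.
NESTED_KEYS = ("RelayState", "wctx")


def decode_nested(qs):
    """Decode one percent-encoding layer per nesting level into a dict."""
    out = {}
    # strict_parsing rejects fields without '=', so a malformed layer
    # raises ValueError instead of being silently dropped.
    for key, value in parse_qsl(qs, keep_blank_values=True, strict_parsing=True):
        out[key] = decode_nested(value) if key in NESTED_KEYS else value
    return out


def encode_nested(fields):
    """Inverse of decode_nested: inner layers are encoded first."""
    parts = []
    for key, value in fields.items():
        if isinstance(value, dict):
            value = encode_nested(value)
        # safe='' forces ':', '/', '=', '&' and '%' to be escaped, which is
        # what turns %3A into %253A at the next level out.
        parts.append(f"{key}={quote(value, safe='')}")
    return "&".join(parts)


if __name__ == "__main__":
    import json
    print(json.dumps(decode_nested(QUOTED), indent=2))
    print(encode_nested(decode_nested(QUOTED)) == QUOTED)
```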