AD FS and RelayState
Cantor, Scott
cantor.2 at osu.edu
Thu Aug 20 10:10:31 EDT 2015
On 8/20/15, 9:55 AM, "users on behalf of Robert Lowe" <users-bounces at shibboleth.net on behalf of robertmlowe at rmlowe.com> wrote:
>
>If true, this would obviously not be compliant with the spec. I'm skeptical, as the sources seem to be referring to IdP-initiated SSO only.
IdP-initiated Relay State is proprietary, just like all of IdP-iniated SSO is. So yes, that's probably the case.
It handles RelayState in general without much trouble that I know of.
>2. If this is indeed required, is there any way to make the Shibboleth SP generate
>RelayState in the appropriate format?
No, nor will it underatand it. The only value usable in that direction is just a full target URL.
-- Scott
More information about the users
mailing list