seeking elp with properly specifying a "redirect URL"

Cantor, Scott cantor.2 at
Mon Aug 31 19:40:04 EDT 2015

On 8/31/15, 6:27 PM, "users on behalf of Pottinger, Hardy J." <users-bounces at on behalf of PottingerHJ at> wrote:

>Hi, I'm a committer for DSpace [1], I'm trying to find a resolution for an issue [2] which involves properly specifying a redirect URL for sending a user after they successfully login on our Shibboleth IdP.

A Shibboleth IdP doesn't use any special parameters for that in a standard SP-initiated flow, the RelayState attribute is propagated in accordance with the standard and what the SP does with the result is up to the SP. Any SAML IdP that is compliant will do that, and SAML SPs work in different ways when it comes to handling application integration and deep linking.

> In the past, I've used the "target" parameter to do this,

The only place the IdP uses that parameter is in a legacy SAML 1.x request or an IdP-initiated flow, and neither should really be involved in any integration in 2015.

> however, it seems like DSpace uses "target" for handling *all* successful logins, and the login type I am especially interested in right now is the one that results from an interrupted session (insufficient privileges). I'm wondering if there might be a resource somewhere to help me understand how the target parameter is supposed to work?

I'm not yet understanding which piece of software you're talking about. The Shibboleth IdP I speak to above, and DSpace I can't really speak to when you say that it "uses" the parameter. If it's doing something with a parameter by that name, it wouldn't have anything to do with Shibboleth (but obviously could conflict in certain cases I guess).

> I've found the wiki page on Session Creation Parameters [3] but I'm still not clear on how exactly the target parameter is supposed to work, or what options are available.

That's for the Shibboleth *SP*. So again, I don't know what software you're actually asking about or in what scenario.

In the SP, you can request a session by passing control to a SessionInitiator, and that can include query parameters (target along them), which is what that page is referring to. That's normally set to the application resource to return to after the login happens.

-- Scott

More information about the users mailing list