Shibboleth Idp does not persist URL hash fragments across a login redirect.
jorj at temple.edu
Tue Apr 12 12:14:55 EDT 2016
TL;DR: on the face of it, this must be an application problem and not a
The client never transmits fragments to the SP, so the SP is powerless
to include any information about the fragment.
Take a look at the packets with HTTPLiveHeaders, which will show you
what the SP has to work with.
For example, if I go to http://jorj.org/blog/#test, this is what's sent:
GET /blog/ HTTP/1.1
Accept-Encoding: gzip, deflate, sdch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/49.0.2623.87 Safari/537.36
The server is completely unaware of the fragment.
But I have no idea what the OP's Angular app is doing.
There are ways that Angular can preserve the fragment during
authentication (cf. https://github.com/auth0/auth0-angular) and maybe
there's an interaction problem with something like that and Shibboleth.
But if there is, someone would have to spell out in great detail exactly
what's going wrong and where.
On 04/12/2016 11:39 AM, Waldbieser, Carl wrote:
> I think the point is just that the OP wants the user to wind back up at the full URL (including the fragment) after authenticating.
> Could something like the "target" parameter  be used at the SP to force the redirect after authentication to end up at a complete URL?
> Carl Waldbieser
> ITS Identity Management
> Lafayette College
>  https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters
> ----- Original Message -----
> From: "Peter Schober" <peter.schober at univie.ac.at>
> To: users at shibboleth.net
> Sent: Tuesday, April 12, 2016 11:00:53 AM
> Subject: Re: Shibboleth Idp does not persist URL hash fragments across a login redirect.
> * Rainer Hoerbe <rainer at hoerbe.at> [2016-04-12 16:06]:
>> Shouldn’t the SP store the full URL including the fragment part in the relaystate cookie?
> Look at the server logs, the HTTP User Agent never transmits the
> fragment identifier, as I said before in the Wikipedia example.
More information about the users