Shibboleth Idp does not persist URL hash fragments across a login redirect.

Peter Schober peter.schober at
Wed Apr 13 08:59:33 EDT 2016

* Waldbieser, Carl <waldbiec at> [2016-04-12 17:39]:
> Could something like the "target" parameter [1] be used at the SP to
> force the redirect after authentication to end up at a complete URL?

Actually yes, if you properly urlencode the URL the fragment will be

I've just added anchors to (e.g. "mdenv") so you
can also see the effect on the page. You can test this with any
eduGAIN-enabled SAML IDP, e.g.:
Avoid IDP discovery by also adding &entityID=<your-IDP>

If the Testshib SP had a RequestInitiator endpoint configured
(e.g. /Shibboleth.sso/Login) anyone could have tested it there using
the Testshib IDP.

More information about the users mailing list