Shibboleth Idp does not persist URL hash fragments across a login redirect.
Peter Schober
peter.schober at univie.ac.at
Wed Apr 13 08:59:33 EDT 2016
* Waldbieser, Carl <waldbiec at lafayette.edu> [2016-04-12 17:39]:
> Could something like the "target" parameter [1] be used at the SP to
> force the redirect after authentication to end up at a complete URL?
Actually yes, if you properly urlencode the URL the fragment will be
preserved.
I've just added anchors to https://sp.eduid.at/ (e.g. "mdenv") so you
can also see the effect on the page. You can test this with any
eduGAIN-enabled SAML IDP, e.g.:
https://sp.eduid.at/Shibboleth.sso/Login?target=https%3A%2F%2Fsp.eduid.at%2F%23mdenv
Avoid IDP discovery by also adding &entityID=<your-IDP>
If the Testshib SP had a RequestInitiator endpoint configured
(e.g. /Shibboleth.sso/Login) anyone could have tested it there using
the Testshib IDP.
-peter
More information about the users
mailing list