Specifying relayState to pass plain URL format for SLO in SP settings

Cantor, Scott cantor.2 at osu.edu
Fri Apr 22 15:01:27 EDT 2016

> Despite searches in the Shibboleth Wiki, I could not find any
> documentation on how to do this, the closest was that if the relayState
> was left out (in Sessions) then the plain URL would be used in SLO.

That is correct, but that applies to everything, not just SLO. There possibly isn't an explicit way to do this with the <Logout> element.

> Well, after trying to specify relayState as an empty string in the
> Logout element, which resulted in failed startup for XMLParsing,

Attributes cannot be empty, and "leaving the setting out" is not at all the same as trying to set it to an empty string.

> <Logout relayState="url">SAML2 Local</Logout>

That isn't a valid setting, so if it works, it's accidental. I doubt that what you're actually trying to do is officially supported (leave it set to something but then override back to nothing). That generally isn't something it supports. What you probably could do is the opposite: unset it in <Sessions> but then set it in the <SSO> element.

> Also, if the documentation for relayState could be amended to cover this
> case.

There's nothing to amend, you do it by not setting relayState as far as I recall, like it says to do.

-- Scott

More information about the users mailing list