Specifying relayState to pass plain URL format for SLO in SP settings

Gernot Hassenpflug gernot.hassenpflug at asahinet.com
Tue Apr 26 22:48:08 EDT 2016

"Cantor, Scott" <cantor.2 at osu.edu> writes:

>> I don't remember why we chose years ago to set relayState="ss:mem" in
>> the <Sessions> element when moving to the new configuration file format:
>> it could have been taken from an example file perhaps.
> AFAIK, that's still the default. Setting it differently for different
> profiles isn't typical, so setting it in the Sessions element is the
> normal way of globally altering it.

Hello Scott,

Thank you for that confirmation and extra information.

>> We are not going to change the settings for other SPs, if there is no
>> pressing reason to remove relayState="ss:mem" from <Sessions>. If
>> someone has a good argument for leaving it at the default, I would be
>> happy to bring it up at management level and make that change (the more
>> defaults the easier to manage our own changes).
> You have to distinguish between "default if not set" and "default as
> shipped". The shipping default now is ss:mem, that is the
> recommendation. It is NOT recommended to expose resource URLs in
> RelayState, and it isn't even legal, strictly speaking, RelayState is
> limited to 80 bytes.

Great, that is a critical point; I have informed the customer IdP administrator
of that, as well as our management. We will certainly not be going down
that path further!

Best regards,
Gernot Hassenpflug
Asahi Net, Inc.
Tokyo, Japan

