OpenAthens SP to Shibboleth (using OA Federation): Deep Links
Manoj Kancharla
manojk at silverchair.com
Tue Jan 26 11:20:42 EST 2016
Nate/Peter:
For relayState, we're using "ss:db" (we recently switched from "ss:mem"). Could this have anything to do with it?
Are there any examples of setting this to url?
Thanks
Manoj
-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Peter Schober
Sent: Tuesday, January 26, 2016 11:10 AM
To: users at shibboleth.net
Subject: Re: OpenAthens SP to Shibboleth (using OA Federation): Deep Links
* Manoj Kancharla <manojk at silverchair.com> [2016-01-26 16:53]:
> Yes, here is an example in our context: he user clicks on “Sign in via
> OpenAthens” link from an article page. I’m doing a redirect to the
> Shibboleth handler like this:
> https://{0}/Shibboleth.sso/Login?entityID={1}&target={2} , where {0) =
> hostname, {1}=genericEntityID (OA), and {2}=the Url of the page from
> where the user initiated the login.
That should Just Work and is the "obvious" way to do that with the Shib SP (modulo only exposing your own web "API" -- as a wrapper to the Shib handlerURL -- and redirecting to those URLs in your own code. Maybe that's what you're doing already, anyway.)
> What’s happening now is that user is taken to the Athens
> Authentication Point and (after sign in) user is taken back to the
> home page : https://{0}/index.aspx<https://%7b0%7d/index.aspx>
> (instead of the article page)
You'll need to trace the HTTP requests and reponses to see who sends you where. The first thing would be to check where the SP puts the RelayState, i.e., Sessions/@relayState in shibboleth2.xml According to https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions
you could unset this to cause relayState to become the verbatim URL the SP sees as "target".
If that looks OK look for the redirect that happens right after the HTTP POST to the Shib SP's ACS URL -- and any redirects after that (those are not the SP's doing, but still).
HTH,
-peter
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list