IdPUnsolicitedSSO + relayState
Peter Schober
peter.schober at univie.ac.at
Mon Oct 9 06:27:27 EDT 2017
* Lalith Jayaweera <ljayaweera at gmail.com> [2017-10-09 04:31]:
> https://myidp.com/idp/profile/SAML2/Unsolicited/SSO?providerId=https://vendor.com/cgi-bin/?p_subject=myAccount
>
> https://idpweb1.vu.edu.au/idp/profile/SAML2/Unsolicited/SSO?providerId=https://askvu.vu.edu.au/cgi-bin/askvu.cfg/php/admin/sso_launch.php?p_subject=Account.Login&target=https://askvu.vu.edu.au/AgentWeb/
Hard to say which one of those two you're talking about.
Also neither of those request parameters has been urlencoded like it
should be.
> Then I changed it to below
>
> https://myidp.com/idp/profile/SAML2/Unsolicited/SSO?providerId=https://vendor.com/cgi-bin/?p_subject=myAccount&target=https://vendortarget.com/AgentWeb/
>
> https://idpweb1.vu.edu.au/idp/profile/SAML2/Unsolicited/SSO?providerId=https://askvu.vu.edu.au/cgi-bin/askvu.cfg/php/admin/sso_launch.php?p_subject=Account.Login&target=https://askvu.vu.edu.au/AgentWeb/
The target parameter should be the only thing not urlencoded here, in
both cases.
> I kind of tend to believe IdP has done what it is supposed to do, even though
> the relay state was not appearing in the query string but somehow
> maintained in the IdP
>
> Please let me know if the above understanding is correct
I have no idea what you're asking. AFAICT you're saying everything is
working fine, and are asking why it's working?
-peter
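
Added example, not part of the original message and not Shibboleth code: it shows how a query-string parser splits the hand-built URL quoted above, and how percent-encoding keeps two different intentions distinct that otherwise produce the same unencoded string. The helper names (build_url, received_params, raw_delimiters) are hypothetical, the URLs are the placeholder ones from the thread, and encoding every value with urllib.parse.urlencode is this example's assumption.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

ENDPOINT = "https://myidp.com/idp/profile/SAML2/Unsolicited/SSO"  # from the thread

def build_url(provider_id, target=None):
    """Percent-encode each value so it cannot leak delimiters into the outer query."""
    params = [("providerId", provider_id)]
    if target is not None:
        params.append(("target", target))
    return ENDPOINT + "?" + urlencode(params)

def received_params(url):
    """Parameters as a query-string parser on the receiving side splits them."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))

def raw_delimiters(url):
    """Names of parameters whose raw value still contains '?' or '='."""
    flagged = []
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if "?" in value or "=" in value:
            flagged.append(name)
    return flagged

# The hand-built URL quoted in the thread (second variant).
POSTED = (ENDPOINT + "?providerId=https://vendor.com/cgi-bin/?p_subject=myAccount"
          "&target=https://vendortarget.com/AgentWeb/")

# Two intentions that are written identically when nothing is encoded:
# A: "target" belongs to the SP URL carried inside providerId.
INTENT_A = build_url("https://vendor.com/cgi-bin/?p_subject=myAccount"
                     "&target=https://vendortarget.com/AgentWeb/")
# B: "target" is a separate parameter of the request to the IdP.
INTENT_B = build_url("https://vendor.com/cgi-bin/?p_subject=myAccount",
                     "https://vendortarget.com/AgentWeb/")

if __name__ == "__main__":
    for label, url in [("posted", POSTED), ("A", INTENT_A), ("B", INTENT_B)]:
        print(label, received_params(url), raw_delimiters(url))
```

The unencoded URL can only ever be parsed as reading B, with a raw '?' and '=' left inside providerId; once encoded, A and B are different strings and parse back to what was intended.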