IdPUnsolicitedSSO + relayState

Lalith Jayaweera ljayaweera at gmail.com
Mon Oct 9 18:50:27 EDT 2017


Hi Peter

Sorry for the confusion....

For some reason the SP is still failing and the vendor is looking into it.... I just
wanted to make sure the IdP has done what it is supposed to do with respect to
'relayState'.

Given I can see the pattern below in the response, I wanted to make sure the IdP
has done what it is supposed to do and also that the query string params are
correct (from the point of view of syntax).

*POST*
*RelayState*: https://vendortarget.com/AgentWeb/ <https://idpweb1.vu.edu.au/idp/profile/SAML2/Unsolicited/SSO?providerId=https://askvu.vu.edu.au/cgi-bin/askvu.cfg/php/admin/sso_launch.php?p_subject=Account.Login&target=https://askvu.vu.edu.au/AgentWeb/>
*SAMLResponse*: PD94bWwgdmVyc2lvbj0iMS4......






On Mon, Oct 9, 2017 at 9:27 PM, Peter Schober <peter.schober at univie.ac.at>
wrote:

> * Lalith Jayaweera <ljayaweera at gmail.com> [2017-10-09 04:31]:
> > https://myidp.com/idp/profile/SAML2/Unsolicited/SSO?providerId=https://vendor.com/cgi-bin/?p_subject=myAccount
> >
> > https://idpweb1.vu.edu.au/idp/profile/SAML2/Unsolicited/SSO?providerId=https://askvu.vu.edu.au/cgi-bin/askvu.cfg/php/admin/sso_launch.php?p_subject=Account.Login&target=https://askvu.vu.edu.au/AgentWeb/
>
> Hard to say which one of those two you're talking about.
> Also neither of those request parameters has been urlencoded like it
> should be.
>
> > Then I changed it to below
> >
> > https://myidp.com/idp/profile/SAML2/Unsolicited/SSO?providerId=https://vendor.com/cgi-bin/?p_subject=myAccount&target=https://vendortarget.com/AgentWeb/
> >
> > https://idpweb1.vu.edu.au/idp/profile/SAML2/Unsolicited/SSO?providerId=https://askvu.vu.edu.au/cgi-bin/askvu.cfg/php/admin/sso_launch.php?p_subject=Account.Login&target=https://askvu.vu.edu.au/AgentWeb/
>
> The target parameter should be the only thing not urlencoded here, in
> both cases.
>
> > I kind of tend to believe the IdP has done what it is supposed to do, even though
> > the relay state was not appearing in the query string but somehow
> > maintained in the IdP
> >
> > Please let me know if the above understanding is correct
>
> I have no idea what you're asking. AFAICT you're saying everything is
> working fine, and are asking why it's working?
>
> -peter
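
An added example (not part of the original messages, and not Shibboleth code) of the URL-encoding point raised in the quoted reply: it builds the thread's Unsolicited SSO URL both unencoded and percent-encoded, then checks which parameters a generic query-string parser recovers. `TARGET_WITH_QUERY` and the helper names are constructed for illustration, and Python's `urllib.parse` stands in for the receiving parser, on the assumption that it splits on `&` and the first `=` as typical server-side parsers do.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Endpoint and values as written in the thread (the poster's anonymised names).
ENDPOINT = "https://myidp.com/idp/profile/SAML2/Unsolicited/SSO"
PROVIDER_ID = "https://vendor.com/cgi-bin/?p_subject=myAccount"
TARGET = "https://vendortarget.com/AgentWeb/"
# Constructed value, not from the thread: a target that carries its own query string.
TARGET_WITH_QUERY = "https://vendortarget.com/AgentWeb/?view=inbox&tab=2"


def params_seen_by_receiver(url):
    """Split the query string on '&' and the first '=' (assumed receiver behaviour)."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def build_raw(endpoint, provider_id, target):
    """Concatenate the values unencoded, as in the URLs quoted in the thread."""
    return f"{endpoint}?providerId={provider_id}&target={target}"


def build_encoded(endpoint, provider_id, target):
    """Percent-encode each value so '?', '&' and '=' inside it stay part of that value."""
    return endpoint + "?" + urlencode({"providerId": provider_id, "target": target})


def survives(url, provider_id, target):
    """True when the receiver recovers exactly the two intended values and nothing else."""
    return params_seen_by_receiver(url) == {"providerId": provider_id, "target": target}


if __name__ == "__main__":
    for target in (TARGET, TARGET_WITH_QUERY):
        for build in (build_raw, build_encoded):
            url = build(ENDPOINT, PROVIDER_ID, target)
            print(build.__name__, "intact:", survives(url, PROVIDER_ID, target))
            print("   ", params_seen_by_receiver(url))
```

With the thread's own values the unencoded URL happens to parse cleanly, because neither value contains `&`; the constructed target shows the unencoded form splitting into a truncated `target` plus a stray `tab` parameter.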

