Add static/custom attribute with ACS Url

Santu Ghosh mon.snahasish at
Thu Feb 8 09:37:46 EST 2018

Thanks Tom for you response.

Yes SP initiated working perfectly for all partner.
When I hit my SP initited url, ultimatly it redisrects to a url like bellow.

On Wed, Feb 7, 2018 at 9:47 PM, Tom Scavo <trscavo at> wrote:

> On Wed, Feb 7, 2018 at 4:15 PM, Santu Ghosh <mon.snahasish at>
> wrote:
> >
> >>but in an IdP-initiated flow, the IdP can
> > add whatever RelayState value the SP will understand (presumably by
> > prior agreement).
> >
> > Can you please give me an example how to add an parameter in an ACS url
> ??
> Let's back up a bit. First you need to understand how RelayState works
> in an SP-initiated flow: The SP attaches a RelayState parameter to the
> redirect URL, which the IdP is REQUIRED to return on the round trip.
> This is documented in the SAML standard.
> Presumably the SP includes a RelayState parameter so that it knows
> where to redirect the user at the very last step of the flow. Are your
> SPs that support SP-initiated doing this now? If not, I'm not sure why
> you're concerned with the SP that doesn't support SP-initiated. Either
> you need RelayState for all of them or none of them.
> That said, an IdP-initiated flow is inherently non-standard. The IdP
> could add an arbitrary RelayState parameter to the POST response but
> the SP may not understand it since the request did not originate at
> the SP. So if anything good happens in the IdP-initiated case it is by
> prior agreement only. If the IdP passes a RelayState parameter that
> the SP understands, then that means they colluded on its semantics.
> That's great.
> HTH,
> Tom
> --
> For Consortium Member technical support, see
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list