Capture Requesting URL

[Nate Klingenstein]

George,

Shibboleth by default protects the RelayState from viewership by the browser or the IdP in order to preserve user privacy with either a stored object or a cookie.  You can configure it so that it will reveal the full URL using the relayState flag.

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions

RelayState is passed as a form parameter in the HTTP POST alongside the SAML assertion.  You could theoretically pull that value.  I would advise against that just because it's so close to tinkering with the profile itself.

If possible, I would just do the typical integration: have an interstitial page that is the landing page after the assertion is processed that then redirects the user to the original page with the variables set.  That page can be referred to using the sessionHook parameter:

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRelyingPartySettings

and it will have the target URL, typically the relay state decoded, available for you in the query string.  From there, grab variables, build URL, and redirect.

Hope this would work for you,
Nate.

--
Dewpoint Identity
https://dewpoint.id/
 
-----Original message-----
> From: George Glessner
> Sent: Friday, July 13 2018, 11:50 am
> To: Shib Users
> Subject: RE: Capture Requesting URL
> 
> What I want to be able to do is to capture that RelayState value and then send it over as a parameter to my target URL so I can set the variables I need to set and then redirect back to the original page that was trying to be accessed. Not sure if that is possible though. 
> 
> Thank you 
>  
> 
> 
> -----Original Message-----
> From: users <users-bounces at shibboleth.net> On Behalf Of Nate Klingenstein
> Sent: Friday, July 13, 2018 2:13 PM
> To: Shib Users <users at shibboleth.net>
> Subject: RE: Capture Requesting URL
> 
> George,
> 
> As you observed, Shibboleth and SAML will [attempt to] do this automatically by passing a field called RelayState back and forth.  If you have a specific destination landing page that differs from the page the user was browsing when login was initiated, you can specify that using the target parameter.
> 
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters
> 
> Hope this helps,
> Nate.
> 
> --
> Dewpoint Identity
> https://dewpoint.id
>  
> -----Original message-----
> > From: George Glessner
> > Sent: Friday, July 13 2018, 6:07 pm
> > To: Shib Users
> > Subject: Capture Requesting URL
> > 
> > 
> > 
> > Hi All,
> > 
> > This may be a very simple question, but is there a way for me to 
> > capture the URL a user was trying to access before being prompted to 
> > authenticate? We need to redirect to a page to set some initial variables and then we want to redirect  the user back to the original page they were trying to get to. I have tried using HTTP_REFERER but that comes up blank. Wondering if there is anything I can capture or call in my shibboleth2.xml file since it obviously knows where to redirect when auto-redirect  is enabled.
> > 
> > Thank you!
> > 
> > --
> > 
> > For Consortium Member technical support, see 
> > https://wiki.shibboleth.net/confluence/x/coFAAg
> > 
> > To unsubscribe from this list send an email to 
> > users-unsubscribe at shibboleth.net
> > 
> > 
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
> 
> -- 
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>