How to set-up IdP Initiated SSO using Shibboleth as Service Provider
Nate Klingenstein
ndk at sudonym.me
Fri May 31 13:37:13 EDT 2019
Christine,
One of the fields used in SAML is called RelayState, which specifies your
destination URL after the assertion has been processed. If there is none,
then the SP will redirect the user to a default URL, which defaults to /.
Try adding &target=<desired url> to your query string. You can also add
homeURL="<url>" to your ApplicationDefaults element, but that will affect
every assertion that shows up without a RelayState.
https://wiki.shibboleth.net/confluence/display/SP3/ApplicationDefaults
As an aside, Scott's rewrite suggestion would be a more elegant solution as
it allows the SP to retain more control over session creation -- if that's
a good thing in this case -- but does involve touching the Apache side, and
it would be a good idea to set your ServerName and UseCanonicalName On if
you can.
Take care,
Nate.
On Fri, May 31, 2019 at 11:23 AM christinepuedan <christinepuedan at gmail.com>
wrote:
> Thank you. That's what my initial thought as well. Aside from
> shibboleth.xml
> and attribute-map.xml we shouldn't be updating anything from the apache
> side. What happens now, after we logged in to our IdP, it just routes us to
> the apache blank index page, not on our desired application. So I'm
> thinking
> there must be a disconnect between apache and shibboleth that we should
> consider. Thoughts?
>
>
>
> --
> Sent from:
> http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190531/8a03566d/attachment.html>
More information about the users
mailing list