IDP Initiated SSO + RelayState
Nate Klingenstein
ndk at signet.id
Fri Aug 21 16:44:48 UTC 2020
Joshua,
It's just added to the links themselves as a query string parameter. I don't think you could or would want to hardcode it in the IdP because it only thinks of SP's in terms of SP's, and that would mean they would have to operate a separate SP with a separate entityID for each destination landing page, which is a bad idea in all kinds of ways.
https://hostname/idp/profile/SAML2/Unsolicited/SSO?providerId=https://vendor.site/sp&target=https://vendor.site/landingPageA
https://hostname/idp/profile/SAML2/Unsolicited/SSO?providerId=https://vendor.site/sp&target=https://vendor.site/landingPageB
etc. etc.
https://wiki.shibboleth.net/confluence/display/IDP4/UnsolicitedSSOConfiguration
Take care,
Nate.
More information about the users
mailing list