Does Shibboleth Idp support relayState parameter in IDP Initiated SSO

Luo, Pan pan.luo at ubc.ca
Tue May 5 07:02:01 UTC 2020


Hi,

I'm trying to figure out how to integrate AWS Connect with our Shibboleth IdP. We already have our IdP integrated with AWS IAM, and users will land in the AWS console. In step 5 of the Connect integration doc (https://docs.aws.amazon.com/connect/latest/adminguide/configure-saml.html#enable-saml-federation), it says "Configure the relay state of your identity provider to point to ...". It seems I only need to add RelayState=https://region-id.console.aws.amazon.com/connect/federate/instance-id to the end of the IdP-initiated SSO URL. But it doesn't work. The URL I tried is something like this:

https://our.idp/idp/profile/SAML2/Unsolicited/SSO?providerId=urn:amazon:webservices&relayState=https://region-id.console.aws.amazon.com/connect/federate/instance-id

I still landed in the AWS console instead of AWS Connect.

I couldn't find any documentation mentioning this URL parameter in the Shibboleth docs. (However, Nate also mentioned it in his reply here: https://marc.info/?l=shibboleth-users&m=157896374826207&w=2)

If it is supported, how do I use it? Is there anything we need to turn on in the IdP settings? Thanks.

Cheers,
Pan