URL Hash Fragment lost in SP Initiated SSO over REDIRECT Binding
prasanna cg
prasannacgin at yahoo.in
Tue Oct 4 20:55:19 UTC 2022
Hello Experts,
I am using Shibboleth SP and noticed that the URL fragment is not getting preserved in a SP Initiated SAML SSO with Shibboleth IDP. The Binding used is REDIRECT.
The SAML Auth Request from the SP contains the relay state param as query string (but I also noticed its not url encoded) as below
ss:mem:fbe378f7b0dd8b9b629a2d0942b0d84ea987cdc72d802671ea16056181ec7b36#r10
IDP then issues a 302 redirect to “https://idp.example.com/idp/profile/SAML2/Redirect/SSO?execution=e2s1#r10”
From there the Hash Fragment in the relay state is not preserved and lost which causes a lot of user inconvenience.
What is the solution for this ? Will HTTP POST binding work ?
We have a lot of applications integrated with our IDP this way for which we share the URL with Hash Fragment to end users to read/review a specific content and take action.
Looking forward for your response
Thanks,
Prasanna
More information about the users
mailing list