URL Hash Fragment lost in SP Initiated SSO over REDIRECT Binding

prasanna cg prasannacgin at yahoo.in
Tue Oct 4 20:55:19 UTC 2022

Hello Experts,

I am using Shibboleth SP and noticed that the URL fragment is not getting preserved in a SP Initiated SAML SSO with Shibboleth IDP. The Binding used is REDIRECT. 

The SAML Auth Request from the SP contains the relay state param as query string (but I also noticed its not url encoded) as below


IDP then issues a 302 redirect to “https://idp.example.com/idp/profile/SAML2/Redirect/SSO?execution=e2s1#r10”

From there the Hash Fragment in the relay state is not preserved and lost which causes a lot of user inconvenience. 

What is the solution for this ? Will HTTP POST binding work ? 

We have a lot of applications integrated with our IDP this way for which we share the URL with Hash Fragment to end users to read/review a specific content and take action. 

Looking forward for your response


More information about the users mailing list