URL Hash Fragment lost in SP Initiated SSO over REDIRECT Binding
Mak, Steven
makst at upenn.edu
Tue Oct 4 21:46:00 UTC 2022
https://en.m.wikipedia.org/wiki/URI_fragment
On Oct 4, 2022, at 16:55, prasanna cg via users <users at shibboleth.net> wrote:
Hello Experts,
I am using Shibboleth SP and noticed that the URL fragment is not getting preserved in a SP Initiated SAML SSO with Shibboleth IDP. The Binding used is REDIRECT.
The SAML Auth Request from the SP contains the relay state param as query string (but I also noticed its not url encoded) as below
ss:mem:fbe378f7b0dd8b9b629a2d0942b0d84ea987cdc72d802671ea16056181ec7b36#r10
IDP then issues a 302 redirect to “https://urldefense.com/v3/__https://idp.example.com/idp/profile/SAML2/Redirect/SSO?execution=e2s1*r10__;Iw!!IBzWLUs!S6SmQlryu41QiwuBj-mkXlut71PUZRxwZZEK6HBp7kihLp0XDJHiz0_wZUPZMA7BjnLymlpXNklCK_VR$ ”
From there the Hash Fragment in the relay state is not preserved and lost which causes a lot of user inconvenience.
What is the solution for this ? Will HTTP POST binding work ?
We have a lot of applications integrated with our IDP this way for which we share the URL with Hash Fragment to end users to read/review a specific content and take action.
Looking forward for your response
Thanks,
Prasanna
--
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!IBzWLUs!S6SmQlryu41QiwuBj-mkXlut71PUZRxwZZEK6HBp7kihLp0XDJHiz0_wZUPZMA7BjnLymlpXNtHMBLIK$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221004/8700ae4d/attachment.htm>
More information about the users
mailing list