URL Hash Fragment lost in SP Initiated SSO over REDIRECT Binding
makst at upenn.edu
Tue Oct 4 21:46:00 UTC 2022
On Oct 4, 2022, at 16:55, prasanna cg via users <users at shibboleth.net> wrote:
I am using Shibboleth SP and noticed that the URL fragment is not getting preserved in a SP Initiated SAML SSO with Shibboleth IDP. The Binding used is REDIRECT.
The SAML Auth Request from the SP contains the relay state param as query string (but I also noticed its not url encoded) as below
IDP then issues a 302 redirect to “https://urldefense.com/v3/__https://idp.example.com/idp/profile/SAML2/Redirect/SSO?execution=e2s1*r10__;Iw!!IBzWLUs!S6SmQlryu41QiwuBj-mkXlut71PUZRxwZZEK6HBp7kihLp0XDJHiz0_wZUPZMA7BjnLymlpXNklCK_VR$ ”
From there the Hash Fragment in the relay state is not preserved and lost which causes a lot of user inconvenience.
What is the solution for this ? Will HTTP POST binding work ?
We have a lot of applications integrated with our IDP this way for which we share the URL with Hash Fragment to end users to read/review a specific content and take action.
Looking forward for your response
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!IBzWLUs!S6SmQlryu41QiwuBj-mkXlut71PUZRxwZZEK6HBp7kihLp0XDJHiz0_wZUPZMA7BjnLymlpXNtHMBLIK$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users