URL Hash Fragment lost in SP Initiated SSO over REDIRECT Binding

Mak, Steven makst at upenn.edu
Tue Oct 4 21:46:00 UTC 2022


On Oct 4, 2022, at 16:55, prasanna cg via users <users at shibboleth.net> wrote:

Hello Experts,

I am using Shibboleth SP and noticed that the URL fragment is not getting preserved in a SP Initiated SAML SSO with Shibboleth IDP. The Binding used is REDIRECT.

The SAML Auth Request from the SP contains the relay state param as query string (but I also noticed its not url encoded) as below


IDP then issues a 302 redirect to “https://urldefense.com/v3/__https://idp.example.com/idp/profile/SAML2/Redirect/SSO?execution=e2s1*r10__;Iw!!IBzWLUs!S6SmQlryu41QiwuBj-mkXlut71PUZRxwZZEK6HBp7kihLp0XDJHiz0_wZUPZMA7BjnLymlpXNklCK_VR$  ”

From there the Hash Fragment in the relay state is not preserved and lost which causes a lot of user inconvenience.

What is the solution for this ? Will HTTP POST binding work ?

We have a lot of applications integrated with our IDP this way for which we share the URL with Hash Fragment to end users to read/review a specific content and take action.

Looking forward for your response


For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!IBzWLUs!S6SmQlryu41QiwuBj-mkXlut71PUZRxwZZEK6HBp7kihLp0XDJHiz0_wZUPZMA7BjnLymlpXNtHMBLIK$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221004/8700ae4d/attachment.htm>

More information about the users mailing list