SSO - SAML, Redirect a user to a specified landing page after successful log in

18,990

Though it is not in the SAML specs, a de-facto standard is to use the RelayState element for that. It is added as a parameter in the response in addition to the SAMLResponse parameter, with the value of the landing URL. Sample HTML page from http://en.wikipedia.org/wiki/SAML_2.0 for an IDP using the POST binding for the response:

<form method="post" action="https://sp.example.com/SAML2/SSO/POST" ...>
    <input type="hidden" name="SAMLResponse" value="<response>" />
    <input type="hidden" name="RelayState" value="<url>" />
    ...
    <input type="submit" value="Submit" />
</form>

Edit:
Just to be clear, the RelayState parameter declaration is part of the specs and it is included to allow for passing arbitrary state between SP and IDP. Using it for passing a URL that defines the landing page is not defined in the spec but is de-facto standard usage. Any usage of RelayState in IDP-init-SSO would depend on a pair-wise agreement between IDP and SP and this is just an agreement that makes sense, is useful and thus has been widely adopted.

Author by

user3391212

Updated on June 18, 2022
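An added example (not from the answer above and not OpenSAML code) showing both halves of this convention in plain Java: the IdP writes the landing URL into the RelayState field HTML-escaped rather than URL-encoded, and the SP follows the returned RelayState only when it points at its own origin. The class name, `SP_ORIGIN`, the `/reports` path and the other sample values are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class RelayStateExample {
    // Hypothetical SP origin, reusing the host from the sample form above.
    static final String SP_ORIGIN = "https://sp.example.com";
    static final String FALLBACK = SP_ORIGIN + "/";

    // IdP side: attribute values are HTML-escaped, not URL-encoded; the
    // browser applies form URL-encoding itself when it submits the POST.
    static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }

    // The POST binding carries the response base64-encoded in SAMLResponse.
    static String buildPostForm(String acsUrl, String responseXml, String relayState) {
        String b64 = Base64.getEncoder()
                .encodeToString(responseXml.getBytes(StandardCharsets.UTF_8));
        return "<form method=\"post\" action=\"" + escapeAttr(acsUrl) + "\">\n"
             + "  <input type=\"hidden\" name=\"SAMLResponse\" value=\"" + b64 + "\" />\n"
             + "  <input type=\"hidden\" name=\"RelayState\" value=\"" + escapeAttr(relayState) + "\" />\n"
             + "  <input type=\"submit\" value=\"Submit\" />\n</form>";
    }

    // SP side: RelayState arrives through the browser, so treat it as untrusted
    // and redirect to it only when it is an absolute URL on the SP's own origin.
    static String landingPage(String relayState) {
        if (relayState == null || relayState.isEmpty()) return FALLBACK;
        try {
            URI target = new URI(relayState);
            URI sp = new URI(SP_ORIGIN);
            boolean sameOrigin = "https".equalsIgnoreCase(target.getScheme())
                    && sp.getHost().equalsIgnoreCase(target.getHost())
                    && target.getPort() == sp.getPort()
                    && target.getRawUserInfo() == null;
            return sameOrigin ? target.toString() : FALLBACK;
        } catch (URISyntaxException e) {
            return FALLBACK; // unparseable values never reach the redirect
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the XML is a stand-in, not a signed response.
        String url = SP_ORIGIN + "/reports?id=7&view=full";
        System.out.println(buildPostForm(SP_ORIGIN + "/SAML2/SSO/POST", "<samlp:Response/>", url));
        System.out.println(landingPage(url));
        System.out.println(landingPage("https://sp.example.com.other.example/"));
    }
}
```

The check is deliberately strict: relative paths and URLs with an explicit port fall back to the default page, so loosen it only for forms the IdP and SP have agreed on.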

Comments

  • user3391212
    user3391212 about 2 years

    I am implementing SSO where I am the Identity Provider, right now I am able to successfully log into the Service Provider. But it takes me to the home page. I want to specify the landing page URL when I post the response. Have searched quite a lot but could not find anything convincing. Do not quite know which element of the SAML response carries the landing page URL or is it in the form that I have to specify. Using Java and OpenSAML libraries to generate the response.

  • user3391212
    user3391212 over 9 years
    Is it safe if I pass a non-encoded URL? The SP end gives me a "not found", guess they do not decode it at their end. But it works without encoding.
  • Hans Z.
    Hans Z. over 9 years
    Sorry, I meant to say on the wire it is URL-encoded when passing it in the HTTP POST; by placing it verbatim in the HTML form, the browser will URL-encode it. So in the sample that I gave you would place the actual value in <url>. I will edit the text.
  • Scott Heaberlin
    Scott Heaberlin over 9 years
    Not to nit-pick, but RelayState is absolutely in the bindings specs for SAML 2.0 (i.e. it is stronger than a de-facto standard). The HTTP POST, HTTP Redirect, and HTTP Artifact bindings all include rules for RelayState, though none require its use.
  • Hans Z.
    Hans Z. over 9 years
    RelayState's name is standardized but its value is not.
  • Hans Z.
    Hans Z. over 9 years
    Updated the answer with info about that last comment.