ComponentSpace

Forums



ReceiveSSO RelayState


ReceiveSSO RelayState

Author
Message
depersioa
depersioa
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 5
Hi all,

We are looking to implement the usage of RelayState onto our idp-initiated SSO logins.  I see that the ReceiveSSO method has an out parameter for relaystate.  I'm wondering what the expectations are for the SAML request on how relaystate is included. 
Is it expected to be included as a query parameter on the Destination attribute for the response node in the XML, or is it expected to be included as a separate attribute/node?

Thanks

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The mechanism for sending relay state is dependent on the transport binding being used. For HTTP-Redirect the relay state is a query string parameter. For HTTP-Post the relay state is post data. The relay state is separate from the SAML message and is not part of its XML. You don't need to worry about these details. Our API handles all of this.

The following outlines relay state included when using HTTP-Redirect.

 

The following outlines relay state included when using HTTP-Post. This is the post data included with the HTTP Post.


SAMLResponse=PHNh....&RelayState=%2F

 


Regards
ComponentSpace Development
depersioa
depersioa
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 5
ComponentSpace - 7/14/2020
The mechanism for sending relay state is dependent on the transport binding being used. For HTTP-Redirect the relay state is a query string parameter. For HTTP-Post the relay state is post data. The relay state is separate from the SAML message and is not part of its XML. You don't need to worry about these details. Our API handles all of this.

The following outlines relay state included when using HTTP-Redirect.

 

The following outlines relay state included when using HTTP-Post. This is the post data included with the HTTP Post.


SAMLResponse=PHNh....&RelayState=%2F

 

Thanks for the response.

We are using HTTP Post.  Just to confirm, the relaystate would not be encoded with the SSO certificate, but is expected to be sent over in plaintext (but URL-encoded).

Edit: I think I misinterpreted your response.  The relaystate is meant to be a separate HTTP form key/value pair, not part of the SAMLResponse value.  Is that correct?

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
That's correct. Relay state is a separate form variable. If you look at the HTTP post data sent to the SP there's the SAMLResponse variable and a separate RelayState variable. Both are URL-encoded.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search