saml-dev message

Subject: Re: [saml-dev] IdP initiated SSO and RelayState


Hi all.

Can RelayState be a relative URL?

Thanks
Antonio

2016-05-25 15:06 GMT+02:00 Peter Major <peter.major@forgerock.com>:
Hi,

Reading the SAML bindings and the SAML core specs, I'm not really sure how RelayState should work when performing an IdP initiated SSO.

This is the part where I really get confused:
If an artifact that represents a SAML request is accompanied by RelayState data, then the SAML
responder MUST return its SAML protocol response using a binding that also supports a RelayState
mechanism, and it MUST place the exact data it received with the artifact into the corresponding
RelayState parameter in the response.

Returning the SAML protocol response itself (since the spec is not talking about the artifact) is done using the SOAP binding and the Artifact Resolution protocol. The SOAP binding spec doesn't even mention the RelayState, and there is nothing relevant in the Artifact Resolution section of the SAML core spec either.

In case of IdP initiated SSO, I guess the RelayState concept is non-existent, because RelayState should/must be provided by the remote SP.
Is there any standard way to make sure that the user is directed to a different URL once the SAML response was successfully processed by the Assertion Consumer Service endpoint when using IdP initiated SSO flow?

Regards,
Peter

--

Ing. Antonio  Di Maio


Mobile  +48 534 861 209 | Skype dimaio_antonio

ul Torfowa 12/4, Cracow, Poland

www.antoniodimaio.com
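
An added example, not part of the thread and not taken from any SAML implementation: one way an SP's Assertion Consumer Service could handle RelayState in IdP-initiated SSO, assuming the deployment treats it as a relative URL on the SP's own origin (a deployment convention, not something the spec text quoted above defines). The function name, default landing path and sample values are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_LANDING = "/"        # assumed default page of the SP
MAX_RELAYSTATE_BYTES = 80    # length limit given in the SAML 2.0 bindings spec


def post_sso_target(relay_state, default=DEFAULT_LANDING):
    """Pick the local redirect target after the ACS has accepted the response.

    Assumption: RelayState is interpreted as a rooted, relative URL on the
    SP's own origin. Anything else falls back to `default`.
    """
    if not relay_state:
        return default
    if len(relay_state.encode("utf-8")) > MAX_RELAYSTATE_BYTES:
        return default
    # Control characters and backslashes are normalised differently by
    # browsers and URL parsers, so refuse them outright.
    if any(ord(c) < 0x20 or c in "\\\x7f" for c in relay_state):
        return default
    parts = urlsplit(relay_state)
    # Absolute ("https://...") or scheme-relative ("//host") values would
    # send the browser away from the SP.
    if parts.scheme or parts.netloc:
        return default
    # Require exactly one leading slash: the result must not depend on the
    # ACS URL, and "///host" is still read as a host by browsers.
    if not relay_state.startswith("/") or relay_state.startswith("//"):
        return default
    return relay_state


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for value in ["/app/reports?id=7", "https://other.example/",
                  "//other.example/", "reports", None]:
        print(repr(value), "->", post_sso_target(value))
```

The check runs only after the SAML response itself has been validated; RelayState is not covered by the assertion signature, so it is handled as untrusted input.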
