Question

Is it possible somehow to pass a return url to the Identity Server when performing a SAML SSO and have that url posted back to my assertion url when the user authenticates successfully?

Was it helpful?

Solution

The RelayState (described here) parameter that is sent to the IdP can be used to post the return URL to the IdP and have it back when the Authentication Response is send back from the IdP. Of course as this is an HTTP POST parameter, if you store a URL there it has to be propertly encoded/decoded.

However keep in mind that this might be used by an attacker to trick the use to open a trusted URL (this of the identity server) and redirect it to a malicious site. To prevent this the redirect URL should be validated.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top