Forum Discussion
Ingebrigt_Maurs
Nimbostratus
Also, if I set a default RealyState on the SP, this will break SP-initiated SSO.
I set default RelayState on the SP to
https://myhost.no/default/path
As a client, I go to
https://myhost.no/intended/path
.
As expected I get redirected to the IDP, authenticate, and then I am redirected back to the SP ACS with RelayState
https://myhost.no/intended/path
. But unfortunately I am sent to https://myhost.no/default/path
. Correct behaviour would have been to be sent to my intended url https://myhost.no/intended/path
.Ingebrigt_Maurs
May 05, 2015Nimbostratus
I use APM as SP.
My goal is to support both IDP and SP initiated logons.
It is IDP initiated that is causing me trouble.
BUT, SP initiated is also acting strange if I set a the 'RelayState' property of the SP configuration.
If I as a client go to https://sp.no/intended/path I expected to end up there after SSO.
But actually I end up at the URL specified by the RelayState property on the SP, if this is set.
I'm unsure if this is a bug or a feature, but it certainly means I can't use the RelayState property. Because all clients using SP-initiated SSO will land on the URI specified in the RelayState property (and not on the landinguri they tried to reach).