Forum Discussion

Rabbit23_116296
Jun 20, 2014

SAML to Workday - Deep Linking

We would like to provide deep links to business to maintain links at the service provider while going through the SAML authentication process.

IdP initiated works just fine (I had to put a redirect location iRule to the webtop link to get this to do an unsolicited SAML assertion post to the Service Provider).

Herein lies my challenge: Workday, being the service provider, does not formulate a standard AuthN request, which of course the APM module won't know what to do with. Instead this is what it does:

Workday assists in this by appending the requested (deep-link) URL as a GET URL parameter (similarly, named done), to the URL for the IdP, when it redirects for sign on. I.e. the user clicks the deeplink in their email, their browser navigates to Workday, which in turn redirects to the IdP sign on page. That redirect navigates their browser to the IdP sign on page, with a GET parameter named done, appended, set to the value of the ultimate deep link URL.

https://customers.identity.provider/sign-on-page.html?done=http://impl.workday.com/TENANT NAME/fx/task/2997$194.flex

The customers’ IdP package logic must be developed or configured to observe this done parameter and be sure to pass it back to Workday, as an identically named POST variable, when POSTing the SAMLRequest assertion.

So I could capture the query string payload in an iRule but posting it back? The webtop iRule is already somewhat of a hack and not true Identity Provider initiated SSO, how could I manipulate the Webtop link is really what I'm asking I think?

The iRule I currently use to redirect to the webtop link is in a switch statement:

HTTP::redirect "https://workday.mycompany.com/saml/idp/res?id=/SSO/workday"

I need to somehow manipulate how I post back to the assertion consumer service URL, any ideas?
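
The `done` round trip described in the post above, as an added example that is not part of the original thread and is not F5 or Workday code. It models the logic in Python rather than as an APM iRule, and goes one step beyond the post by checking the deep link's host and HTML-escaping it before it is echoed into the POST form; the allowed host, the ACS URL, the function names and the `SAMLResponse` field name are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Assumption: the only host a deep link may point at (from the post's example URL).
ALLOWED_DONE_HOSTS = {"impl.workday.com"}

# Constructed sample: the redirect the browser follows to the IdP sign-on page.
SAMPLE_SIGNON_URL = (
    "https://customers.identity.provider/sign-on-page.html"
    "?done=http%3A%2F%2Fimpl.workday.com%2FTENANT%2Ffx%2Ftask%2F2997%24194.flex"
)


def extract_done(signon_url, allowed_hosts=ALLOWED_DONE_HOSTS):
    """Return the deep link from the 'done' GET parameter, or None if unusable."""
    values = parse_qs(urlsplit(signon_url).query).get("done", [])
    if len(values) != 1:
        return None  # absent or repeated: fall back to the default landing page
    done = values[0].strip()
    try:
        target = urlsplit(done)
    except ValueError:
        return None  # malformed URL (for example a broken IPv6 literal)
    if target.scheme not in ("http", "https"):
        return None  # rejects javascript:, data: and relative values
    if target.hostname not in allowed_hosts:
        return None  # never echo a link to a host other than the service provider
    return done


def build_post_form(acs_url, assertion_b64, done, assertion_field="SAMLResponse"):
    """Build the auto-POST form; 'done' rides along as an extra hidden field."""
    # assertion_field defaults to the standard HTTP-POST binding name for an
    # IdP response (assumption: change it if the service provider differs).
    fields = [(assertion_field, assertion_b64)]
    if done is not None:
        fields.append(("done", done))
    inputs = "\n".join(
        '  <input type="hidden" name="%s" value="%s"/>'
        % (html.escape(name, quote=True), html.escape(value, quote=True))
        for name, value in fields
    )
    return '<form method="post" action="%s">\n%s\n</form>' % (
        html.escape(acs_url, quote=True), inputs)


if __name__ == "__main__":
    # Constructed placeholders: the ACS URL and base64 assertion are not real values.
    link = extract_done(SAMPLE_SIGNON_URL)
    print(build_post_form("https://sp.example/acs", "PHNhbWxwOi4uLj4=", link))
```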

3 Replies

  • kunjan

    Maybe you can explore creating a layered virtual server for the SP connector and use an iRule to modify the POST payload to insert the POST parameter required.

     

  • Rabbit, did you ever come up with a solution to this? The inability to dynamically assign Assertion Consumer Service URLs or POST parameters is becoming a hangup for several of our implementations as well.

     

  • This is a similar solution, on 11.5.4, that we were able to come up with:

     

    https://devcentral.f5.com/questions/variable-relaystate-in-idp-initiated-saml-sso-49260answer140283