Reputation: 4752
WSO2 Identity Server SAML SSO return url
Is it possible somehow to pass a return url to the Identity Server when performing a SAML SSO and have that url posted back to my assertion url when the user authenticates successfully?
Upvotes: 5
Views: 1826
Answers (1)
Reputation: 4752
The RelayState (described here) parameter that is sent to the IdP can be used to post the return URL to the IdP and have it back when the Authentication Response is send back from the IdP. Of course as this is an HTTP POST parameter, if you store a URL there it has to be propertly encoded/decoded.
However keep in mind that this might be used by an attacker to trick the use to open a trusted URL (this of the identity server) and redirect it to a malicious site. To prevent this the redirect URL should be validated.
Upvotes: 3
Related Questions
- WSO2 identity server - SAML2 Response Issuer verification failed
- Spring SAML wso2
- WSO2 Identity Server supports service provider initiated SSO in SAML?
- SAML and OpenID SSO with WSO2 Identity server
- WSO2 Identity Server obtain SAML token for rest call
- wso2is custom authenticationendpoint, redirect page not used
- WSO2 IS 5.0.0 saml authentication always redirects to localhost
- Saml2 Web Browser Based SSO WSO2 Identity Server Sample not working
- wso2carbon Identity Server SSO redirect to port 9443
- Return to target url after wso2 saml sso authorization