How to pass query parameters to web page after SAML SSO redirect by WSO2 Identity Server

Question

How to pass query parameters to web page after SAML SSO redirect by WSO2 Identity Server. I tired to save those parameters in session by extending the SAML SSO filter. But that session data is also loss after the authentication redirect.

Answer 1

as well as using the relay state as the previous post says you can use attributes within the SAML token if you need to

<saml:AttributeStatement>
        <saml:Attribute Name="Name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Name">
            <saml:AttributeValue>Test</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>
    <saml:AttributeStatement>
        <saml:Attribute Name="Mobile" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Mobile">
            <saml:AttributeValue>09009090909</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>
    <saml:AttributeStatement>
        <saml:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Email">
            <saml:AttributeValue>test@test.com</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>

That way you can query the SAML, make sure it's valid and then get the information from the attributes section and do what you want after, whether it's a redirect or you require extra processing.

Hope that helps.

Answer 2

I think, You can use RelayState. When SAML Request is sent to IS, you can send values with RelayState parameter and IS would reply back to your web application with same value. Also you can append query parameters to ACS url and send it with the SAML Request. If your SAML request has been signed, IS would redirect to ACS url which is in SAML Request.