Get client/original request parameters on IdP

Question

I'm looking but I don't found a way to get the client/orginal request parameters (get or post) on the IdP, I need them to perform a custom login handler based on a token that comes on the request to the resource.

I inspect the request on my browser and I don't see the parameter when the SP calls the IdP, is there a way to send the parameters as part of the IdP request? (I'm using shibboleth SP and IdP) Does the standard support to send the resource request information to the IdP?

On Shibboleth implementation, are these parameters on the RelayState (on the request)? In that case, how can get the RelayState value? I only can get the encoded value (with the prefix ss:mem) and I don't know how to obtain the real value.

Thanks in advance Sol

Answer 1

You can't rely on relayState to contain the parameter you want. It's an implementation detail and it may be stored at the SP before the redirect, or could be stored in a cookie on the IdP, or in a number of other ways. There's just no guarantee you will be able to retrieve it.

Your login handler will likely have to share some sort of backend data between it and the service provider you care about, or share a cookie (if you're on the same domain).

There was a question about this recently on the mailing list: http://shibboleth.net/pipermail/users/2014-February/014196.html