Reputation: 11
Is there a way to navigate the user to a Relying Party, which has a querystring parameter?
Background
We are using ADFS 2.0, wherein we have set up the Relying Party trust with Claim Rules for Single Sign On (SSO) of a vendor application. We are doing this using IdpInitiatedSignOn and SAML 2.0. So, we are able to navigate the user to an SSO URL like mycompany.com; however, we are not able to figure out how to navigate the user to a different page of the same application which has a query string parameter, e.g. mycompany.com?index = 123
We tried to use RelayState to resolve this, but no luck. This is my first post. My apologies if I have missed on giving enough information.
Upvotes: 1
Views: 2892
Reputation: 391
It's possible to do a direct SSO with a deep link. There are several walkthroughs, but they aren't terribly clear about what you need. As I used them for this answer, I will share them.
TLDR answer:
**[ADFS base URL]**/adfs/ls/idpinitiatedsignon.aspx?RelayState=EncodedURL(RPID=EncodedURL(**[LoginToRP value]**)&RelayState=EncodedURL(**[Destination URL]**))
Target: mydestinationURL
LoginRPID: myLoginRPIDValue
Base ADFS URL: https://adfs.myDomain.com/adfs/ls/idpinitiatedsignon.aspx
Example: https://adfs.myDomain.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3DmyLoginRPIDValue%26RelayState%3DmydestinationURL
References:
website to break down proper SAML and direct one way auth: http://www.confusedamused.com/notebook/adfs-relaystate
website to help generate/validate proper URL: https://jackstromberg.com/adfs-relay-state-generator/
website for HTML encoding values: https://www.url-encode-decode.com/
Logic breakdown:
1A) HTML Encode the target URL
1B) HTML Encode the LoginToRP parameter
2) Concatenate them together in this format: RPID=[HTML Encoded LoginToRP value]&RelayState=[HTML Encoded Target URL]
3) HTML Encode concatenated String
4) Concatenate Base URL and encoded string: [base URL]?RelayState=[double encoded string]
5) Result:
Upvotes: 1
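Worked example of the five steps in the answer above, added here and not part of the original post. It uses Python's standard urllib and a constructed target URL carrying the question's query-string parameter (`index=123`), which is exactly the case where the second encoding layer matters; the ADFS host and RP identifier are the answer's placeholder values.

```python
from urllib.parse import quote, urlsplit, parse_qs


def build_idp_initiated_url(adfs_base: str, rp_id: str, target_url: str) -> str:
    """Build an ADFS 2.0 IdP-initiated sign-on URL that deep-links into a
    Relying Party, following the answer's steps 1A to 4."""
    # Steps 1A/1B: encode each value on its own. safe="" also encodes "/",
    # so "https://..." is fully percent-encoded before the second round.
    encoded_target = quote(target_url, safe="")
    encoded_rpid = quote(rp_id, safe="")
    # Step 2: concatenate in the form ADFS expects inside RelayState.
    inner = f"RPID={encoded_rpid}&RelayState={encoded_target}"
    # Step 3: encode the whole concatenated string a second time. Without
    # this, the "?", "&" and "=" in the target's own query string would be
    # split off as parameters of idpinitiatedsignon.aspx and the deep link
    # would be lost (the symptom described in the question).
    outer = quote(inner, safe="")
    # Step 4: append to the base URL as the outer RelayState parameter.
    return f"{adfs_base}?RelayState={outer}"


def decode_relay_state(url: str) -> dict:
    """Undo both encoding layers and return {'RPID': ..., 'RelayState': ...}.
    Handy for checking a hand-built link before configuring it anywhere."""
    outer_qs = parse_qs(urlsplit(url).query)
    inner = outer_qs["RelayState"][0]  # parse_qs strips the outer layer
    inner_qs = parse_qs(inner)         # and this call strips the inner one
    return {key: values[0] for key, values in inner_qs.items()}


if __name__ == "__main__":
    # Constructed sample values (placeholders from the answer plus the
    # question's query-string page).
    base = "https://adfs.myDomain.com/adfs/ls/idpinitiatedsignon.aspx"
    link = build_idp_initiated_url(base, "myLoginRPIDValue",
                                   "https://mycompany.com?index=123")
    print(link)
    print(decode_relay_state(link))
```

Round-tripping through `decode_relay_state` is the quickest way to see whether a link you built by hand was encoded once or twice.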