JohnRegner

Reputation: 199

ADFS: Default RelayState/Relying Party Redirect for Third Party IdP-Initiated SAML

I'm currently hitting an inter-op issue with a third party (acting as the IdP) initiating a SAML SSO to ADFS (acting as the RP-STS). We have a Relying Party set up that will be their sole destination, and the general Claims Provider/SAML Metadata configuration is fine.

However, after they launch with their SAML assertion, they are landed on the ADFS "You are now signed in" page and their flow into the application is halted. Though there's only one Relying Party, there's no redirect to bring them to that application. Easy enough to solve with a RelayState parameter on the IdP's POST, right? It's all outlined in the MSDN here: https://technet.microsoft.com/en-us/library/jj127245%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

The problem is, they don't have the ability to make that change on their end. Their SSO POST can only contain the SAML token, and they are unable to modify that request body's content.

My question is, is there a way to either force a RelayState value on an incoming SAML request to ADFS, or to configure ADFS to forward to a specific Relying Party by default for third party IdP-initiated requests?

Thanks!

Upvotes: 1

Views: 3227

Answers (1)

rbrayb

Reputation: 46753

What version of ADFS?

There should be a button to allow access to the application?

Could you not construct a URL?

As in: ADFS : RelayState with IDPInitiated.

Upvotes: 0
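To make the "construct a URL" suggestion concrete, here is an added example (not code from the question, the answer, or Microsoft) that builds and parses the RelayState form ADFS expects on its IdP-initiated sign-on endpoint, as documented in the TechNet article the question links: an inner query string `RPID=<rp identifier>&RelayState=<target url>` whose values are URL-encoded, with the whole inner string URL-encoded once more before it becomes the outer `RelayState` parameter. The host `sts.example.com`, the relying party identifier `urn:example:app` and the target URL are constructed placeholders.

```python
from urllib.parse import quote, parse_qs, urlsplit

# Constructed placeholders: substitute your own federation service host,
# relying party identifier and in-application landing page.
ADFS_HOST = "sts.example.com"
RP_IDENTIFIER = "urn:example:app"
TARGET_URL = "https://app.example.com/reports?tab=weekly"


def build_relay_state(rp_identifier, target_url=None):
    """Return the double-encoded RelayState value ADFS expects.

    Inner form: RPID=<encoded rpid>[&RelayState=<encoded target>]
    The inner string is then percent-encoded as a whole, which is why
    '=' becomes %3D and the inner %3A becomes %253A in the final value.
    """
    inner = "RPID=" + quote(rp_identifier, safe="")
    if target_url:
        inner += "&RelayState=" + quote(target_url, safe="")
    return quote(inner, safe="")


def build_idp_initiated_url(adfs_host, rp_identifier, target_url=None):
    """Compose the ADFS IdP-initiated sign-on URL with a RelayState."""
    relay = build_relay_state(rp_identifier, target_url)
    return f"https://{adfs_host}/adfs/ls/idpinitiatedsignon.aspx?RelayState={relay}"


def parse_relay_state(url):
    """Undo both encoding layers and return {'RPID': ..., 'RelayState': ...}.

    parse_qs decodes one percent-encoding layer on the outer query string;
    a second parse_qs over the recovered inner string decodes the values.
    """
    outer = parse_qs(urlsplit(url).query)
    inner = parse_qs(outer["RelayState"][0])
    return {name: values[0] for name, values in inner.items()}


def is_allowed_target(target_url, allowed_hosts):
    """Allow-list check an application should apply before redirecting.

    ADFS hands the inner RelayState to the relying party unmodified, so the
    application, not ADFS, must refuse off-site or non-HTTPS targets to
    avoid turning the sign-on link into an open redirect.
    """
    parts = urlsplit(target_url)
    return parts.scheme == "https" and (parts.hostname or "") in allowed_hosts


if __name__ == "__main__":
    url = build_idp_initiated_url(ADFS_HOST, RP_IDENTIFIER, TARGET_URL)
    print(url)
    decoded = parse_relay_state(url)
    print(decoded)
    print("target allowed:", is_allowed_target(decoded["RelayState"], {"app.example.com"}))
```

The URL this produces is the link you would host yourself (on a portal or in an email) so that users arrive at ADFS with the RelayState already present; it does not change what a third-party IdP sends in its own POST. ADFS also has to be configured to honour RelayState on IdP-initiated sign-on at all: on ADFS 2.0 (Rollup 2 and later) and 3.0 that is the useRelayStateForIdpInitiatedSignOn setting described in the linked article, and on ADFS 2016 and later it is Set-AdfsProperties -EnableRelayStateForIdpInitiatedSignOn $true.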
