tryingToLearn

Reputation: 11649

PingFederate RelayState with IdP-initiated SSO

When initiating login, Keycloak sends a RelayState parameter in the request. However, after successful login, PingFederate does not return this RelayState.

The weird thing is that if I add a TARGET parameter to the PingFederate request URL, it will return the value of this parameter as RelayState. What am I missing?

https://<pingfed>/idp/startSSO.ping?PartnerSpId=keycloak&TARGET=someURL

Upvotes: 4

Views: 4245

Answers (1)

Scott T.

Reputation: 6272

Because you are triggering IdP-init SSO via the /idp/startSSO.ping endpoint, there is no RelayState parameter that's understood there. For the documented parameters available, see: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=edg1564003024358.html

RelayState is a SAML protocol parameter that would be more naturally handled via SP-initiated SSO, by sending a SAML AuthnRequest to /idp/SSO.saml2. More info on the protocol endpoints can be found here: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=jsa1564002999406.html

Upvotes: 7
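The SP-initiated flow described in the answer, as an added example that is not part of the original answer and is not Keycloak or PingFederate code: the SP sends an AuthnRequest to /idp/SSO.saml2 over the HTTP-Redirect binding with a RelayState that is an opaque, session-bound token (the SAML bindings spec caps RelayState at 80 bytes and recommends integrity protection), then checks the echoed value at its ACS endpoint. The host names, ACS URL, unsigned request, choice of binding and all function names are assumptions.

```python
import base64, hashlib, hmac, secrets, uuid, zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values (not from the original post); only the endpoint path and SP id are.
IDP_SSO_URL = "https://pingfed.example.com/idp/SSO.saml2"
SP_ISSUER = "keycloak"
ACS_URL = "https://sp.example.com/saml/acs"
STATE_KEY = secrets.token_bytes(32)  # secret held only by the SP

def _tag(session_id: str, nonce: str) -> str:
    mac = hmac.new(STATE_KEY, f"{session_id}.{nonce}".encode(), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()[:16]).decode().rstrip("=")

def make_relay_state(session_id: str) -> str:
    """Opaque token bound to the browser session; 39 characters, under the 80-byte cap."""
    nonce = secrets.token_urlsafe(12)
    return f"{nonce}.{_tag(session_id, nonce)}"

def check_relay_state(session_id: str, relay_state: str) -> bool:
    """Run at the ACS endpoint on the RelayState echoed back with the SAML response."""
    nonce, sep, tag = relay_state.partition(".")
    if not sep or len(relay_state.encode()) > 80:
        return False
    return hmac.compare_digest(_tag(session_id, nonce).encode(), tag.encode())

def build_redirect(session_id: str) -> str:
    """SP-initiated SSO: AuthnRequest plus RelayState as query parameters."""
    instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{instant}" '
        f'AssertionConsumerServiceURL="{ACS_URL}">'
        f"<saml:Issuer>{SP_ISSUER}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode.
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": make_relay_state(session_id)})
    return f"{IDP_SSO_URL}?{query}"

def decode_redirect(url: str):
    """Inverse of build_redirect, for inspecting what is sent to the IdP."""
    q = parse_qs(urlsplit(url).query)
    xml = zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15).decode()
    return xml, q["RelayState"][0]
```

Keeping the post-login destination in server-side session state keyed by this token, rather than putting a URL in RelayState, means a value such as TARGET=someURL supplied by a third party fails check_relay_state instead of driving a redirect.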
