Forum Discussion
Ingebrigt_Maurs
Nimbostratus
NimbostratusAPM doesn't use RelayState value sent in Request
I have trouble making RelayState work. I use APM as an IDP-initiated SP. I send RelayState with the assertion. The spec for sending RelayState to APM as a SP is unclear/absent, so I send it in the sa...
Ingebrigt_MaursNimbostratus
NimbostratusAlso, if I set a default RealyState on the SP, this will break SP-initiated SSO.
I set default RelayState on the SP to
https://myhost.no/default/pathAs a client, I go to
https://myhost.no/intended/pathAs expected I get redirected to the IDP, authenticate, and then I am redirected back to the SP ACS with RelayState
https://myhost.no/intended/pathhttps://myhost.no/default/pathhttps://myhost.no/intended/path
Michael_Koyfma1Cirrus
Ok, I am a little bit confused here, so need to clarify. Are you saying that APM is IDP and you are having issues with this config? If so, what is your SP? Is your goal to support both IDP and SP-initiated logons? The reason for my confusion is you continue to cite documentation about APM acting as SP and how it handles RelayState parameter - but to me, it sounds like you are using APM as an IDP - and that documentation portion does not apply then.- Ingebrigt_MaursI use APM as SP. My goal is to support both IDP and SP initiated logons. It is IDP initiated that is causing me trouble. BUT, SP initiated is also acting strange if I set a the 'RelayState' property of the SP configuration. If I as a client go to https://sp.no/intended/path I expected to end up there after SSO. But actually I end up at the URL specified by the RelayState property on the SP, if this is set. I'm unsure if this is a bug or a feature, but it certainly means I can't use the RelayState property. Because all clients using SP-initiated SSO will land on the URI specified in the RelayState property (and not on the landinguri they tried to reach).
