For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sam_Hall's avatar
Sam_Hall
Icon for Nimbostratus rankNimbostratus
Nov 06, 2015

Lacking any better suggestion, I've found one option available is to decode the post data to determine which SP the request is attempting to start a session for. Then use that information to craft an idpinitiated GET request. Some SP also seem to provide enough information to do this in the RelayState URL parameter. Is this a terrible approach?

 

Sam_Hall's avatar
Sam_Hall
Icon for Nimbostratus rankNimbostratus
Nov 06, 2015
I think it was called the relying party id for ADFS. It's not to hard to implement and seems to work fine, I'm just wondering if it's the best thing to do. I've still not got it working for our Shibboleth instance, I think I need to enable IdPUnsolicitedSSO, which seems to be frowned upon... https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO