Forum Discussion
SP initiated URL icon on Webtop
Hi All
I have a SaaS-based application that doesn't support IdP-initiated SAML, only SP-initiated.
I've got SP-initiated working and was thinking that using this URL I could just add it to a webtop as some kind of resource. I can't add it as a SAML resource as the vendor doesn't support IdP-initiated SAML.
Can someone point me to how I can publish this full URL to my webtop? I tried publishing it as a portal access app and webtop link with little success.
When I paste the full URL directly into my browser bar it goes off to my SaaS app, redirects to my IdP, prompts me to authenticate and then sends me back to the application and all works. I was thinking I could just use that URL behind some kind of icon on my webtop. Would that be correct?
8 Replies
- Kevin_Stewart
Employee
I believe the webtop link would be the only option here. You want a webtop link to basically redirect you to the SaaS app. How did you have the webtop link configured?
- Roo_150490
Nimbostratus
Hi Kevin
That's what I thought. I can't remember the exact settings but I thought I could simply paste the whole SP-initiated URL into the webtop link config, present it as an icon and be done with it. Are there any specific settings I should look out for?
Would this be the normal way to do this if we wanted to give the impression it was IdP-initiated?
- Kevin_Stewart
Employee
You should be able to just add the same URL you can navigate to directly. When you click the link it should generate a redirect to the SP URL, which then issues a SAMLRequest message in a redirect (or POST) to the IdP. After authenticating, the client is redirected (via POST) back to the SP with a SAMLResponse message containing the authenticated assertion. From a user experience perspective, he sees the logon process to get to the portal, the webtop, then the IdP authentication URL, and then the SP (SaaS app).
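The redirect step described in the reply above can be inspected offline. This is an added example, not part of the original thread or any vendor's code: it encodes a constructed AuthnRequest the way the SAML HTTP-Redirect binding does, then decodes it to show the fields an IdP uses to identify the requesting SP. All URLs, IDs and function names are placeholders chosen for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed AuthnRequest; every URL and ID here is a placeholder.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example123" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://idp.example.com/sso" '
    'AssertionConsumerServiceURL="https://saas.example.com/saml/acs">'
    '<saml:Issuer>https://saas.example.com/sp</saml:Issuer>'
    '</samlp:AuthnRequest>')


def build_redirect(idp_sso_url, authn_request_xml, relay_state):
    """What the SP does: raw DEFLATE, base64, URL-encode, append to the IdP URL."""
    deflater = zlib.compressobj(wbits=-15)  # -15 = raw DEFLATE, no zlib header
    packed = deflater.compress(authn_request_xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode(),
                       "RelayState": relay_state})
    return f"{idp_sso_url}?{query}"


def inspect_redirect(url):
    """Reverse the encoding and pull out the fields the IdP matches on."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    # Constructed input only; parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml)
    return {
        "idp_endpoint": f"{parts.scheme}://{parts.netloc}{parts.path}",
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "request_id": root.get("ID"),
        "relay_state": params.get("RelayState", [None])[0],
    }


if __name__ == "__main__":
    url = build_redirect("https://idp.example.com/sso", SAMPLE_AUTHN_REQUEST,
                         "/dashboard")
    for field, value in inspect_redirect(url).items():
        print(f"{field}: {value}")
```

Running `inspect_redirect` on a redirect URL captured from the browser's network tab shows which issuer and assertion consumer URL the SP is actually sending, which helps when comparing against what the IdP has configured.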
- Roo_150490
Nimbostratus
Hi Kevin
I think I've figured out that in order for that webtop link to work I still have to have my SAML resource published. Without it it doesn't work!
Can't get my head quite round that, and the fact I have 2 icons on the webtop. One which doesn't work when clicked (SAML resource) but is required for SP initiated (?) and one that does work (webtop link) which kicks off an SP initiated session. Any ideas?
- Roo_150490
Nimbostratus
I often wondered why there was a checkbox to 'publish on webtop' for SAML resources thinking why would I ever not want to publish it to webtop, and now I know why. I unchecked it and now it's exactly how I want it.
Man... You guys have thought of everything!
- Kevin_Stewart
Employee
I may be missing something here, but the webtop link shouldn't be a SAML resource. Well, it is, but not as far as the webtop is concerned. It should simply be a webtop link that opens up a new tab and redirects the user to the defined URL, which in this case is an SP that redirects to an IdP and then back to the SP. But that should be separate from anything you configure on the webtop.
- Roo_150490
Nimbostratus
Hi Kevin,
You're absolutely right. I got the webtop link working. The reason why it wasn't working was because I stripped the access policy of the SAML Resource (thinking I didn't need it)! When I put the SAML Resource back in the access policy it worked. The issue then was I had 2 icons on my webtop (1 webtop link to the SaaS application and 1 SAML Resource). Simply unchecking 'publish to webtop' (but leaving the resource assigned in the Access Policy) on the SAML Resource means I now only have one icon on my webtop, which is the webtop link that takes me to my SP-initiated URL to the SaaS application.
Have I confused you or what!?! :)
Long story short, it's working by the looks of it.