ComponentSpace

Forums



Passing along additional attributes to the SAML


Passing along additional attributes to the SAML

Author
Message
jedc
jedc
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 9
Hi,

Is there a way for me to pass along additional attributes to the SAML? My idea was to introduce it when I call InitializeSsoAsync or InitializeSloAsync and receive it as part of the SloResult/Sso Result. Please advise if there is a way around it or if it's even possible at all.

Thanks,

Jed
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Jed
You can use relay state for sending and receiving additional data.
You'll see that InitializeSsoAsync and InitializeSloAsync take an optional relayState paremeter.
The SsoResult/SloResult returns the RelayState property.
Just me mindful that for IdP-initiated SSO, relay state has a different meaning. It's the target URL the SP should redirect to once SSO completes.
For SP-initiated SSO and for SLO, relay state is generic information sent to and returned by the partner provider.
Its purpose is to assist in maintaining state information between sending a SAML request and receiving a SAML response.
Of course, its use is optional and you might decide using a session cookie or some other mechanism is better.

Regards
ComponentSpace Development
jedc
jedc
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 9
ComponentSpace - 4/25/2018
Hi Jed
You can use relay state for sending and receiving additional data.
You'll see that InitializeSsoAsync and InitializeSloAsync take an optional relayState paremeter.
The SsoResult/SloResult returns the RelayState property.
Just me mindful that for IdP-initiated SSO, relay state has a different meaning. It's the target URL the SP should redirect to once SSO completes.
For SP-initiated SSO and for SLO, relay state is generic information sent to and returned by the partner provider.
Its purpose is to assist in maintaining state information between sending a SAML request and receiving a SAML response.
Of course, its use is optional and you might decide using a session cookie or some other mechanism is better.

Thank you, using the RelayState worked.
Since RelayState holds a string value, I was able to accomplish this by creating a RelayStateObject class, serialized it to JSON string and passed it to RelayState field in InitiateSloAsync. On the other side, I deserialized the JSON to RelayStateObject type and used it as needed.


Regards,

Jed


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.
Just be careful if using HTTP-Redirect for sending the SAML authn request that the relay state, which is included as part of the query string, doesn't make the URL too long. You don't want to run into browser limitations.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search