ComponentSpace

Forums



Is there a way to know what the target url is at the Identity provider?


Is there a way to know what the target url is at the Identity...

Author
Message
btobias
btobias
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 6, Visits: 25
ComponentSpace - 5/5/2018
Sorry, I misunderstood your question.
You can send the return URL as relay state when you call SAMLServiceProvider.InitiateSSO.
For example, in your login page:


var returnUrl = Request.QueryString["ReturnUrl"];
SAMLServiceProvider.InitiateSSO(Response, returnUrl, partnerIdP);


When you call SAMLServiceProvider.ReceiveSSO, the targetUrl output parameter should be set to the returnUrl parameter passed in as the relay state to SAMLServiceProvider.InitiateSSO.
You should check that the targetUrl is within your web application to avoid potential open redirect attacks.
Alternatively, you could store the returnUrl in your ASP.NET session or elsewhere rather than using relay state/target URL.

Nice. I am using Session to preserve the "ReturnURL". It works perfectly.

After logout, it redirect to ADFS login page, with query string SAML 



With username/password there, it is possible for the user to login again and expecting to redirect to previous page on Service Provider (the page where user click "Logout", it can be anywhere on the website). but, it is not the case. the SAMLRequest is the logout request and it will hit SLOService.aspx first. Is there any way to prevent this?

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
No. ADFS will send the logout response to the configured logout service URL (ie SLOService.aspx).
Your application could then redirect the user to whichever page you like using the ReturnURL saved in the session.

Regards
ComponentSpace Development
btobias
btobias
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 6, Visits: 25
ComponentSpace - 5/7/2018
No. ADFS will send the logout response to the configured logout service URL (ie SLOService.aspx).
Your application could then redirect the user to whichever page you like using the ReturnURL saved in the session.

Super. Thanks for the clarification.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search