Shibboleth Developers

["Scott Cantor" <>]

> I noticed some bugs in the JIRA regarding the issue of RelayState/Target
and
> a fix being in Shibboleth 2.1, but I wasn't sure it applied to the case of
> Unsolicited SSO.

In general, unsolicited SSO is "supported" but kind of impossible if you
strictly adhere to the specs on RelayState. The model I have in mind is that
unsolicited should NOT supply RelayState and should rely on the
application's homeURL.

> I have a SAML2 IDP that does unsolicited SSO to my
> Shibboleth 2.0 SP, and it uses the TARGET parameter to specify the page it
> wants on my SP, which currently seems to get ignored.

Umm...TARGET, or RelayState? TARGET is a SAML 1.1 thing. It would not be
ignored there, but would absolutely be ignored by SAML 2.0 SSO.

> Does the bug fix on
> the JIRA cover this use case, or do I have my SessionInitiator
> misconfigured?

The initiator is uninvolved with an unsolicited SSO case. All the bugs I
know of are in generation and preservation in different cases, not handling
it inbound.

-- Scott