Skip to Content.
Sympa Menu

shibboleth-dev - RE: Shibboleth 2.0 SP and TARGET Parameter

Subject: Shibboleth Developers

List archive

RE: Shibboleth 2.0 SP and TARGET Parameter


Chronological Thread 
  • From: <>
  • To: <>
  • Subject: RE: Shibboleth 2.0 SP and TARGET Parameter
  • Date: Fri, 30 May 2008 11:52:11 -0400

I knew something looked wrong in what I was being sent. Apparently this
3rd party SAML IDP is specifying TARGET for SAML2 SSO... That certainly
explains why I was getting so confused and why the parameter was being
ignored.

-----Original Message-----
From: Scott Cantor
[mailto:]

Sent: Friday, May 30, 2008 11:50 AM
To:

Subject: RE: Shibboleth 2.0 SP and TARGET Parameter

> I noticed some bugs in the JIRA regarding the issue of
RelayState/Target
and
> a fix being in Shibboleth 2.1, but I wasn't sure it applied to the
case of
> Unsolicited SSO.

In general, unsolicited SSO is "supported" but kind of impossible if you
strictly adhere to the specs on RelayState. The model I have in mind is
that
unsolicited should NOT supply RelayState and should rely on the
application's homeURL.

> I have a SAML2 IDP that does unsolicited SSO to my
> Shibboleth 2.0 SP, and it uses the TARGET parameter to specify the
page it
> wants on my SP, which currently seems to get ignored.

Umm...TARGET, or RelayState? TARGET is a SAML 1.1 thing. It would not be
ignored there, but would absolutely be ignored by SAML 2.0 SSO.

> Does the bug fix on
> the JIRA cover this use case, or do I have my SessionInitiator
> misconfigured?

The initiator is uninvolved with an unsolicited SSO case. All the bugs I
know of are in generation and preservation in different cases, not
handling
it inbound.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page