Shibboleth Developers

[<>]

I knew something looked wrong in what I was being sent.  Apparently this
3rd party SAML IDP is specifying TARGET for SAML2 SSO...  That certainly
explains why I was getting so confused and why the parameter was being
ignored.

-----Original Message-----
From: Scott Cantor 
[mailto:]
 
Sent: Friday, May 30, 2008 11:50 AM
To: 

Subject: RE: Shibboleth 2.0 SP and TARGET Parameter

> I noticed some bugs in the JIRA regarding the issue of
RelayState/Target
and
> a fix being in Shibboleth 2.1, but I wasn't sure it applied to the
case of
> Unsolicited SSO.

In general, unsolicited SSO is "supported" but kind of impossible if you
strictly adhere to the specs on RelayState. The model I have in mind is
that
unsolicited should NOT supply RelayState and should rely on the
application's homeURL.

> I have a SAML2 IDP that does unsolicited SSO to my
> Shibboleth 2.0 SP, and it uses the TARGET parameter to specify the
page it
> wants on my SP, which currently seems to get ignored.

Umm...TARGET, or RelayState? TARGET is a SAML 1.1 thing. It would not be
ignored there, but would absolutely be ignored by SAML 2.0 SSO.

> Does the bug fix on
> the JIRA cover this use case, or do I have my SessionInitiator
> misconfigured?

The initiator is uninvolved with an unsolicited SSO case. All the bugs I
know of are in generation and preservation in different cases, not
handling
it inbound.

-- Scott