SSO - SAML, Redirect a user to a specified landing page after successful log in


Problem description


I am implementing SSO where I am the Identity Provider; right now I am able to successfully log into the Service Provider. But it takes me to the home page. I want to specify the landing page URL when I post the response. I have searched quite a lot but could not find anything convincing. I do not quite know which element of the SAML response carries the landing page URL, or is it in the form that I have to specify. I am using Java and the OpenSAML libraries to generate the response.

Solution

Though it is not in the SAML specs, a de-facto standard is to use the RelayState element for that. It is added as a parameter in the response in addition to the SAMLResponse parameter and value of the landing URL. Sample HTML page from http://en.wikipedia.org/wiki/SAML_2.0 for an IDP using the POST binding for the response:

<form method="post" action="https://sp.example.com/SAML2/SSO/POST" ...>
    <input type="hidden" name="SAMLResponse" value="<response>" />
    <input type="hidden" name="RelayState" value="<url>" />
    ...
    <input type="submit" value="Submit" />
</form>

Edit:
Just to be clear, the RelayState parameter declaration is part of the specs and it is included to allow for passing arbitrary state between SP and IDP. Using it for passing a URL that defines the landing page is not defined in the spec but is de-facto standard usage. Any usage of RelayState in IDP-init-SSO would depend on a pair-wise agreement between IDP and SP and this is just an agreement that makes sense, is useful and thus has been widely adopted.
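
An added example, not part of the original answer and not OpenSAML API: plain Java showing the IdP building the POST-binding form with RelayState set to the landing URL, and the SP checking that value before redirecting, since in the POST binding RelayState is a form field outside the signed response. The class and method names, the `/app/reports` landing path and the placeholder response XML are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Hypothetical helper class; names are illustrative, not OpenSAML API.
public class RelayStatePost {
    // Escape a value for a double-quoted HTML attribute.
    static String attr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }

    // IdP side: POST-binding form carrying the response and the landing URL.
    static String buildPostForm(String acsUrl, String responseXml, String landingUrl) {
        String b64 = Base64.getEncoder()
                .encodeToString(responseXml.getBytes(StandardCharsets.UTF_8));
        return "<form method=\"post\" action=\"" + attr(acsUrl) + "\">\n"
             + "  <input type=\"hidden\" name=\"SAMLResponse\" value=\"" + b64 + "\" />\n"
             + "  <input type=\"hidden\" name=\"RelayState\" value=\"" + attr(landingUrl) + "\" />\n"
             + "  <input type=\"submit\" value=\"Submit\" />\n"
             + "</form>";
    }

    // SP side: accept RelayState as a landing page only if it stays on the SP.
    static String resolveLanding(String relayState, String spOrigin, String fallback) {
        if (relayState == null || relayState.isEmpty()) return fallback;
        try {
            URI target = new URI(relayState);
            URI origin = new URI(spOrigin);
            // Local path: no scheme and no authority (rejects "//host/...").
            if (target.getScheme() == null && target.getRawAuthority() == null
                    && relayState.startsWith("/")) return relayState;
            // Absolute URL: scheme, host and port must match the SP origin.
            if (origin.getScheme().equalsIgnoreCase(target.getScheme())
                    && origin.getHost().equalsIgnoreCase(target.getHost())
                    && origin.getPort() == target.getPort()) return relayState;
        } catch (URISyntaxException e) { /* malformed value: use the fallback */ }
        return fallback;
    }

    public static void main(String[] args) {
        String sp = "https://sp.example.com"; // constructed sample values
        System.out.println(buildPostForm(sp + "/SAML2/SSO/POST",
                "<samlp:Response>placeholder</samlp:Response>", sp + "/app/reports"));
        System.out.println(resolveLanding(sp + "/app/reports", sp, "/"));
        System.out.println(resolveLanding("https://other.example.net/", sp, "/"));
    }
}
```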
