* Noakes, Paul [2010-10-22 14:13]:
> I am looking at how we can customise our Identity Provider's
> login.jsp page and wondered if there is a way to determine the page
> within the service provider that triggered the authentication
> request.
[...]
> For example, if a customer is redirected to the identity provider as a
> result of visiting the following shibboleth protected page:
> http://shibdemo.bl.uk/secure/aninterestingpage.html
>
> we would like to be able to include a registration link in login.jsp
> such as:
> https://register.bl.uk/register.aspx?referringPage=http://shibdemo.bl.uk/secure/aninterestingpage.html

The resource someone accessed at a service provider (before the SAML
machinery kicked in to initiate a session) is passed as the RelayState
parameter within SAML, and per the specs (SAML2 at least) the IdP MUST
return the same value verbatim that it received from the SP (whatever
that is; a URL, some opaque string that the SP uses to identify a
URL or cookie value, etc.)

So it's the SP (or rather the application that is protected with a
SAML SP) that would need to do that redirecting after the session has
been established (and possibly some other checks have been performed
in a local user database or whatever), not the IDP.
-peter
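
The SP-side redirect described in the reply above, as an added example that is not part of the original thread and not Shibboleth code. It assumes the protected application is handed the originally requested URL as a string once the session exists; the function names, the host allowlist, the default page and the in-memory user set are hypothetical. Because the IdP echoes RelayState back verbatim, the application checks the value before redirecting to it or embedding it in the registration link.

```python
from urllib.parse import urlencode, urlsplit

# Assumptions for this sketch (not from the thread): allowlist, fallback page,
# and a set standing in for the local user database.
ALLOWED_HOSTS = {"shibdemo.bl.uk"}
DEFAULT_PAGE = "http://shibdemo.bl.uk/secure/"
REGISTER_URL = "https://register.bl.uk/register.aspx"
REGISTERED_USERS = {"alice@example.org"}  # constructed sample data


def safe_return_url(relay_state):
    """Return relay_state if it is an http(s) URL on an allowed host, else the default page."""
    if not relay_state:
        return DEFAULT_PAGE
    # Backslashes and control characters are parsed differently by browsers; reject them.
    if "\\" in relay_state or any(ord(c) < 0x20 for c in relay_state):
        return DEFAULT_PAGE
    try:
        parts = urlsplit(relay_state)
    except ValueError:  # e.g. malformed IPv6 literal
        return DEFAULT_PAGE
    if parts.scheme not in ("http", "https"):
        return DEFAULT_PAGE  # also rejects scheme-relative "//host/path"
    if parts.username or parts.password or parts.hostname not in ALLOWED_HOSTS:
        return DEFAULT_PAGE
    return relay_state


def post_login_redirect(user_id, relay_state):
    """Decide where the SP application sends the browser once the session is established."""
    target = safe_return_url(relay_state)
    if user_id in REGISTERED_USERS:
        return target
    # Unknown locally: send to registration, carrying the page as an encoded parameter.
    return REGISTER_URL + "?" + urlencode({"referringPage": target})
```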