Hi I am using SAMLIdentityProvider.InitiateSSO for login at the ASP.Net service side, but it redirect the page right away. I want to just login and have the client side HTML do the redirection. Not sure how to get that done?
Thanks a lot!
SAMLIdentityProvider.InitiateSSO will generate a SAML response embedded in an HTML form that’s returned to the browser. Included with the HTML is a small section of JavaScript which automatically submits the form as an HTTP Post to the service provider’s assertion consumer service URL. This is using the HTTP-Post binding defined in the SAML specification.
Once SSO completes, the user will be redirected either to the service provider’s default page or a page specified by the optional relay state that may be sent along with the SAML response.
If you’re after a different scenario, please provide more details.
[quote][/quote]
SAMLIdentityProvider.InitiateSSO will generate a SAML response embedded in an HTML form that's returned to the browser. Included with the HTML is a small section of JavaScript which automatically submits the form as an HTTP Post to the service provider's assertion consumer service URL. This is using the HTTP-Post binding defined in the SAML specification.
Once SSO completes, the user will be redirected either to the service provider's default page or a page specified by the optional relay state that may be sent along with the SAML response.
If you're after a different scenario, please provide more details.
Once SSO completes, the user will be redirected either to the service provider's default page or a page specified by the optional relay state that may be sent along with the SAML response.
If you're after a different scenario, please provide more details.
Thanks! Can SAMLIdentityProvider or SAMLServiceProvider only get authenticated and not redirect. After the SSO completed (without redirection), I need to use JS to redirect user to the service provider's page.
SAML SSO flows involve messages being sent between the IdP and SP via the browser. This includes control being passed between the two sites. This is how SAML SSO works as per the SAML specification.
For IdP-initiated SSO:
1. User logs in at the IdP site and clicks a link to SSO to the SP.
2. SAML response containing a SAML assertion and optional relay state is sent to the SP.
3. SP logs the user in automatically using information contained in the SAML assertion.
4. SP redirects to appropriate page (default or that specified by optional relay state).
For SP-initiated SSO:
1. SP sends a SAML authn request to IdP.
2. User logs in at the IdP.
3. SAML response containing a SAML assertion is sent to the SP.
4. SP logs the user in automatically using information contained in the SAML assertion.
5. SP redirects to appropriate page.
SAML messages are sent via the browser and necessarily result in control passing between the IdP and SP sites.
You can’t initiate SSO to the SP but remain at the IdP site.
[quote][/quote]
SAML SSO flows involve messages being sent between the IdP and SP via the browser. This includes control being passed between the two sites. This is how SAML SSO works as per the SAML specification.
For IdP-initiated SSO:
1. User logs in at the IdP site and clicks a link to SSO to the SP.
2. SAML response containing a SAML assertion and optional relay state is sent to the SP.
3. SP logs the user in automatically using information contained in the SAML assertion.
4. SP redirects to appropriate page (default or that specified by optional relay state).
For SP-initiated SSO:
1. SP sends a SAML authn request to IdP.
2. User logs in at the IdP.
3. SAML response containing a SAML assertion is sent to the SP.
4. SP logs the user in automatically using information contained in the SAML assertion.
5. SP redirects to appropriate page.
SAML messages are sent via the browser and necessarily result in control passing between the IdP and SP sites.
You can't initiate SSO to the SP but remain at the IdP site.
For IdP-initiated SSO:
1. User logs in at the IdP site and clicks a link to SSO to the SP.
2. SAML response containing a SAML assertion and optional relay state is sent to the SP.
3. SP logs the user in automatically using information contained in the SAML assertion.
4. SP redirects to appropriate page (default or that specified by optional relay state).
For SP-initiated SSO:
1. SP sends a SAML authn request to IdP.
2. User logs in at the IdP.
3. SAML response containing a SAML assertion is sent to the SP.
4. SP logs the user in automatically using information contained in the SAML assertion.
5. SP redirects to appropriate page.
SAML messages are sent via the browser and necessarily result in control passing between the IdP and SP sites.
You can't initiate SSO to the SP but remain at the IdP site.
Thanks!
You’re welcome!