Obtain Forward URL from IDP Signon page?

  • Question

  • One of our departments has signed up for a web-based service that all staff will be using. After setting up SSO, we were informed they do not redirect back to ADFS for user authentication, rather the login attempt must come from our ADFS server (don't ask me why, this is just a lazy implementation to me.)

    The thing is, we are trying to not confuse our users by having them go to adfs/ls/idpinitiatedsignon to select the site and then sign in to the service.

    Is there any way we can obtain the link for the site in question from ADFS so we can then add it as a WebPart in a SharePoint site?

    It's not ideal, but it's a fair sight better than forcing the ADFS page upon the user base.

    Thanks!

    Monday, June 12, 2017 8:25 PM

Answers

  • They have an application using IDP initiated flow. That's an old school thing with SAML...

    You can specify in the URL directly what RP you access after the successful sign-in.

    https://<ADFS URL>/adfs/ls/idpinitiatedsignon.aspx?loginToRp=<ID of your RP>

    Replace the <ADFS URL> with the actual URL of your ADFS farm. And replace the <ID of your RP> by the actual identifier you are using for the relying party trust (in the GUI it is what you find under the tab Identifier - if there are multiple ones, just pick one).

    You can also use a short URL service to redirect to this URL.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.



    Monday, June 12, 2017 9:34 PM
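The link described in the answer above can be built from the relying party trust itself. The following is an added example, not part of the original posts; the function name Get-IdpInitiatedLink and the display name 'Contoso Staff Portal' are hypothetical, and it assumes it is run on an AD FS server with the ADFS PowerShell module.

```powershell
# Added example: builds the IdP-initiated sign-on link for one relying party.
# The function name and the sample display name are hypothetical.
function Get-IdpInitiatedLink {
    param(
        [Parameter(Mandatory)] [string] $RelyingPartyName,   # display name of the RP trust
        [string] $AdfsHost = (Get-AdfsProperties).HostName   # federation service name
    )

    $rp = Get-AdfsRelyingPartyTrust -Name $RelyingPartyName
    if (-not $rp)         { throw "No relying party trust named '$RelyingPartyName'." }
    if (-not $rp.Enabled) { throw "Relying party trust '$RelyingPartyName' is disabled." }

    # AD FS 2016 and later ship with the IdP-initiated sign-on page turned off;
    # the property does not exist on older versions, so test for it first.
    $props = Get-AdfsProperties
    if ($props.PSObject.Properties['EnableIdpInitiatedSignonPage'] -and
        -not $props.EnableIdpInitiatedSignonPage) {
        Write-Warning 'IdP-initiated sign-on page is disabled (Set-AdfsProperties -EnableIdpInitiatedSignonPage $true).'
    }

    # A trust can carry several identifiers; any one works. Identifiers are
    # usually URLs or URNs, so percent-encode before placing in the query string.
    $id = [uri]::EscapeDataString($rp.Identifier[0])
    "https://$AdfsHost/adfs/ls/idpinitiatedsignon.aspx?loginToRp=$id"
}

Get-IdpInitiatedLink -RelyingPartyName 'Contoso Staff Portal'   # constructed name
```

Publishing the full federation-service URL in the SharePoint link, rather than a shortened one, lets users see which host they are about to enter credentials on.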

All replies

  • Perfect, thanks so much. Worked like a charm!
    Tuesday, June 13, 2017 3:53 PM
  • Question? Where exactly do I enter this? I'm running ADFS 3.0. thanks!

    Thursday, June 14, 2018 7:42 PM