ADFS 3.0 IdP Initiated RelayState from dropdown list

  • Question

  • Hello,
    My SP requires the use of RelayState. I have already configured the Microsoft.IdentityServer.Servicehost.exe.config file and added the following:

    %systemroot%\ADFS\Microsoft.IdentityServer.Servicehost.exe.config
    <microsoft.identityserver.web>
       <useRelayStateForIdpInitiatedSignOn enabled="true" />   <!-- Add this line -->

    I have already followed this https://blogs.technet.microsoft.com/askds/2012/09/27/ad-fs-2-0-relaystate/ and have got my RelayState statement ready.
    ?RelayState=RPID%3Dhttps%253A%252F%252Fsamlsp.domain.com%252Fauth%252Fmetadata%26RelayState%3Didpadminsso
    Note: When pasting the ?RelayState part into the browser after https://idp.domain.com/adfs/ls/idpinitiatedsignon.aspx, the SP application works perfectly.

    Can you please help? What I am trying to achieve is that when my users select a Relying Party from the "Sign in to one of the following sites" drop-down list of https://idp.domain.com/adfs/ls/idpinitiatedsignon.aspx, they are automatically redirected to the SP and authenticated automatically, without having to manually paste the ?RelayState= into the browser URL.

    Regards,
    Nael
    • Edited by NaelHussein Monday, January 22, 2018 3:06 PM
    Monday, January 22, 2018 3:05 PM

All replies

  • I'd use a "vanity" URL hosted on another web server to do the necessary relay of the browser to the SP (with the page doing a redirect that includes the relay state), rather than using the IDP initiated sign-on page directly. 

    http://blog.auth360.net

    Monday, January 22, 2018 8:55 PM
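
The vanity-URL redirect suggested in the reply above, sketched as an added example (not code from the thread or from AD FS). It rebuilds the double-encoded RelayState from the question and redirects only to destinations in a fixed table, so the redirector cannot be steered elsewhere by request parameters. The `/samlsp` path and port 8080 are hypothetical; the IdP URL, relying party identifier and relay state value are the ones quoted in the question.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote, urlsplit

# IdP-initiated sign-on page, as given in the question.
IDP_SIGNON = "https://idp.domain.com/adfs/ls/idpinitiatedsignon.aspx"

# Hypothetical vanity path -> (relying party identifier, SP relay state).
# A fixed table means nothing in the request can choose the destination.
VANITY = {
    "/samlsp": ("https://samlsp.domain.com/auth/metadata", "idpadminsso"),
}

def build_signon_url(rp_id, relay_state):
    """Encode each value, join as RPID=...&RelayState=..., then encode the whole string."""
    inner = ("RPID=" + quote(rp_id, safe="")
             + "&RelayState=" + quote(relay_state, safe=""))
    return IDP_SIGNON + "?RelayState=" + quote(inner, safe="")

def resolve(request_path):
    """Return the sign-on URL for a known vanity path, else None.
    Any query string on the incoming request is ignored."""
    path = urlsplit(request_path).path.rstrip("/") or "/"
    entry = VANITY.get(path)
    return build_signon_url(*entry) if entry else None

class Redirector(BaseHTTPRequestHandler):
    def do_GET(self):
        target = resolve(self.path)
        if target is None:
            self.send_error(404)
            return
        self.send_response(302)
        self.send_header("Location", target)
        self.send_header("Cache-Control", "no-store")
        self.end_headers()

if __name__ == "__main__":
    # Constructed local binding for trying the redirect out.
    HTTPServer(("127.0.0.1", 8080), Redirector).serve_forever()
```
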
  • Thank you Mylo,

    Is there a way to edit the RP in the drop down list to add the RelayState?

    Tuesday, January 23, 2018 9:18 AM