ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to pass application URL parameters to Service Provider

book

Article ID: 200059

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

How to pass application URL parameters to Service Provider. For example:

https://idp.mycompany.com/affwebservices/public/saml2sso?SPID=https://sp.mycompany.com/support&parameter=value

In above URL application is sending URL parameter as parameter=value, how can I pass this attribute (parameter) to Service Provider https://sp.mycompany.com/support

Environment

Release : 12.8.03

Component : FAXSREVE FAMILY

Resolution

The SPID parameter is actually the id of the service provider. It is not a directive to tell the SP what URL to hop to next.

What you want is to set the relay state:

https://idp.mycompany.com/affwebservices/public/saml2sso?SPID=https://sp.mycompany.com/support&RelayState=https://sp.mycompany.com/support?parameter=value

Note that the above is illustrative of the point. RelayState would have to be url endcoded so:

https://idp.mycompany.com/affwebservices/public/saml2sso?SPID=https://sp.mycompany.com/support&RelayState=https%3A%2F%2Fsp.mycompany.com%2Fsupport%3Fparameter%3Dvalue%0A

See:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/legacy-federation/configure-a-saml-2-0-identity-provider/initiate-single-sign-on-from-the-idp-or-sp.html

And:

https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=824309

Note "Relay State Overrides Target".