Federation IDP initiated link configuration with RelayState
search cancel

Federation IDP initiated link configuration with RelayState


Article ID: 225731


Updated On:


CA Single Sign On Federation (SiteMinder) SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)



When running AdminUI and configuring a Partnership, what should be the
RelayState value in a IdP initiated journey ?

  The IDP initiate link : https://myidp.myidpdomain.com/affwebservices/public/saml2sso?SPID=sso/saml/aladdin/cli
  IDP entity id         : myIdp
  IDP Base URL          : https://myidp.myidpdomain.com

The following code to fill the RelayState value is :





The RelayState value is the URL where the browser should access to the
application at the SP side. In the sample given in documentation (1),
this is


and its URL Encoded value is :


Now, the RelayState value should be :


So the URL Encoded value will be :


Note that the length of the RelayState should be less than 80
characters (2).
The ProviderID parameter should be the IdP entity name, which could be
an URL, depending how the ProviderID entity ID is defined in the SP


Additional Information



    Unsolicited Response Query Parameters that the IdP Uses


      Indicates the URL of the target resource at the Service
      Provider. The RelayState value should be URL-encoded.  By including
      this query parameter, it tells the IdP to redirect the user the
      appropriate resource at the Service Provider. This query parameter
      can be used in place of specifying a target URL when configuring
      single sign-on. The RelayState query parameter name is
      case-sensitive, and the value must be URL-encoded.




    Warning: Length of Relay state URL is greater than 80 characters.

      Siteminder doesn't set a maximum value for the RelayState value. Keep
      in mind that :

       - OASIS specification specify that RelayState value should not exceed 80
  bytes (1).

       - Some Browsers or Web Servers might impose a limit in the length of
  the URL.