Introduction:

Enable deep links in SITEMINDER federation

Question:

How to configure deep links in SITEMINDER federation.

Environment: 

R12.52, and above

Answer:

A deep link is a hypertext link to a page on a Web site other than its home page.

When the Assertion is posted to SITEMINDER SP from the IDP. SITEMINDER will then process the assertion, establish a session and allow access to the resource if the assertion is valid and the user is authorized to access the resource. The user will then be redirected to the specific landing page specified in the SAML Authentication scheme/Application Integration (Tab) in partnerships or, if enabled, specified in the RelayState parameter sent to SITEMINDER. The default landing page is specified in the Target parameter on the SSO tab of the SAML 2.0 Auth Scheme Properties dialog/Application Integration (Tab) in partnerships. To allow the IDP to specify a specific target for deep linking, check the Relay State Overrides Target checkbox which is present in SSO tab of the SAML 2.0 Auth Scheme Properties dialog/Application Integration (Tab) in partnerships. So In order to use deep links, we need to check the RelayState Overrides Target checkbox.

RelayState:

Indicates the URL of the target resource at the Service Provider. By including this query parameter, it tells the IdP to redirect the user the appropriate resource at the Service Provider. This query parameter can be used in place of specifying a target URL when configuring single sign-on.

Example: http://idp_server:port/affwebservices/public/saml2sso?SPID=SP_ID&ProtocolBinding=URI_for_binding&RelayState=target_URL

<Please see attached file for image>

<Please see attached file for image>

For additional information visit the following link:
http://www.coreblox.com/2012/06/protecting-resources-with-the-siteminder-saml-2-0-authentication-scheme/