Force Shibboleth to redirect to a specific URL after authentication

I'm trying to fulfill a requirement to always have a user be redirected to the same URL after being authenticated through Shibboleth.

At the moment, it will redirect to the referrer (which can change) which we want to ignore and replace it with our own (that never changes).

Update #1

Unsure if I need to do this at the SP or IDP level.

Innerdirected answered 22/11, 2016 at 21:1 Comment(6)
Is it that you have a service provider (SP) that you want to configure to redirect its clients after receiving the response from the identity provider (IdP)? - Individuality
You can use a custom HTTP filter as described in #19630041 - Daciadacie
@Individuality I was thinking/hoping I could set something up in my shibboleth2.xml for my SP. - Innerdirected
@TekiusFanatikus were you able to figure out a solution for the issue? - Hydroelectric
Unfortunately, I haven't and simply moved on. Sorry. - Innerdirected
Same here, would love to see if someone has more feedback about this. Is there nothing that can be sent in the SAML2/POST to indicate what the redirect URL is after successful login? - Madelynmademoiselle

I think we have a similar question; I was searching for an answer to my question when I came across yours. To make sure I have you right, and make this question bump up in the search rankings, you're (likely) wanting to have your SP redirect you to a specific URL after login. What is your stack setup? Apache?

If you look at the Shibboleth documents - specifically:

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionInitiator and https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings and https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters

you will find that there is a "Location" attribute and a "target" attribute which may meet your needs.

Location (relative path): The location of the SessionInitiator (when combined with the base handlerURL). This is the location to redirect to when manually initiating a session using the query string protocol.

target (URL) (Version 2.4 and Above): Allows the resources to return to after SSO to be "locked" to a specific value, even when running as a result of active protection of other resources. In other words, this value overrides the actual resource location when SSO redirection is automatic, including initial access and after a timeout.

In theory you should be able to add these to your configuration. For me, I need to figure out how to do this dynamically so that if a file is clicked on, after logging in you're redirected back to it.

Erdei answered 15/1, 2018 at 16:10 Comment(0)
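
The `target` content setting quoted in this answer, written as a shibboleth2.xml RequestMap entry as the asker had hoped to do (an added example, not part of the original answer or of the Shibboleth documentation; the host name `sp.example.org`, the path `secure` and the landing URL are placeholders):

```xml
<!-- Added example: placeholder host, path and landing URL.
     Goes inside <SPConfig> in shibboleth2.xml (Native SP 2.4 or later). -->
<RequestMapper type="Native">
  <RequestMap>
    <Host name="sp.example.org">
      <!-- requireSession makes the SP start SSO automatically for this path.
           target locks the post-login return location to one fixed URL,
           overriding the resource that was actually requested. -->
      <Path name="secure"
            authType="shibboleth"
            requireSession="true"
            target="https://sp.example.org/landing"/>
    </Host>
  </RequestMap>
</RequestMapper>
<!-- On Apache the module must still be enabled for the path, e.g.
     AuthType shibboleth plus a Require directive in a matching <Location>. -->
```

With the return location fixed in the SP configuration, it no longer follows whichever resource or referrer started the login.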

We had the same requirement. Follow the steps below:

You need to make a change in your Shibboleth IdP. You can create one relying party and specify the location of its metadata file. In this service provider's metadata file, there is one attribute named saml consumer. Set this value to where you want to point the user after successful authentication.

In our case, we had only one service provider, so we created only one entry in relying party and disabled the other/default relying parties. After this we added a static SP metadata file which contained the URL of the consumer.

Limpid answered 5/2, 2018 at 14:51 Comment(0)
