12

I'm using ADFS for authentication in my ASP.NET web app. The STS server redirects the browser to https://test.contoso.com. STS doesn't allow any return URL parameter when redirecting the client to STS in the first place.

Would it be possible to redirect the browser from https://test.contoso.com (after redirection from STS) to any other URL, say https://variableName.test1.contoso2.com ?

Any help is much appreciated.

Sam

1 Answer

15

Upon authentication, ADFS by default should redirect the user to the Relying Party Application realm. It sounds like this is what you have already but you want to be able to redirect to a different RP URL.

Let's suppose you have an RP, with the realm http://myrprealm.com configured in ADFS. The user browses to http://myrprealm.com/Contacts.aspx. The WIF FederatedAuthenticationModule (FAM) sees that the user is not authenticated, so it saves the relative URL "/Contacts.aspx" inside a Return URL parameter called ru. This ru gets packaged inside the WS-Federation Passive context parameter (wctx). The FAM then redirects the user to ADFS for authentication. ADFS will preserve the wctx parameter and echo it back to the RP (http://myrprealm.com) upon successful authentication. Now the FAM processes this ADFS response. When the FAM opens up the wctx, it notices that ru=/Contacts.aspx, so after establishing a session, it will redirect the user to Contacts.aspx.

If you incorporate WIF into your ASP.NET site using the SDK (Visual Studio > Add STS Reference), you will have this behavior by default.

Andrew Lavers
  • 1
    Okay, so I have registered URL_1 as the endpoint URL in ADFS. But say the user hits URL_2 and URL_2 is configured to redirect the user to ADFS for auth. After auth, the ADFS redirects the user to URL_1. I want it to redirect it to URL_2 or in general URL_{*} where the user was redirected to ADFS. Any pointers to this? – Sam Apr 29 '12 at 21:31
  • 1
    You don't want ADFS to redirect to URL_2, you always want it to redirect to URL_1, where WIF is listening. WIF will process the response at URL_1, and then take care of redirecting the user to URL_2. Please re-read my response, I've elaborated more on the details. – Andrew Lavers Apr 30 '12 at 21:17
  • 1
    @AndrewLavers - I'm running into the same issue using VS2013, however I don't seem to have an option for adding the STS Reference. I've plugged my application into ADFS, however I get redirected to the root URL each time, and not the URL specified in the wctx parameter. I understand what you said above with regards to the FAM processing the response, but it doesn't seem to work natively. Could you point me in the right direction here? – Brosto Oct 30 '14 at 17:09
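
A minimal model of the wctx/ru round trip described in the answer, as an added example that is not part of the original answer and is not WIF's own code. The STS address, the query-string encoding of wctx and all function names are assumptions; the local-path check on ru is an added safeguard, since the value travels through the browser and should not be trusted as a redirect target.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

REALM = "http://myrprealm.com"             # RP realm used in the answer
STS = "https://sts.example.test/adfs/ls/"  # constructed STS endpoint (assumption)


def build_signin_url(requested_path):
    """RP side: pack the requested relative URL into wctx as ru, then go to the STS."""
    wctx = urlencode({"ru": requested_path})  # assumed query-string style context
    return STS + "?" + urlencode(
        {"wa": "wsignin1.0", "wtrealm": REALM, "wctx": wctx})


def sts_response_fields(signin_url):
    """STS side: after authentication, echo wctx unchanged in the post to the realm."""
    query = parse_qs(urlsplit(signin_url).query)
    return {"wa": "wsignin1.0",
            "wresult": "<constructed-token/>",  # placeholder, not a real token
            "wctx": query["wctx"][0]}


def safe_return_path(wctx, default="/"):
    """RP side: read ru from the echoed wctx and accept only a local path."""
    ru = parse_qs(wctx).get("ru", [default])[0]
    # Absolute URLs, scheme-relative //host and backslash variants leave the site.
    if not ru.startswith("/") or ru.startswith("//") or "\\" in ru:
        return default
    # Control characters can be stripped by browsers and change the target.
    if any(ord(c) < 0x20 for c in ru):
        return default
    return ru


def round_trip(requested_path):
    """Request -> STS -> back at the realm -> final redirect target."""
    fields = sts_response_fields(build_signin_url(requested_path))
    return safe_return_path(fields["wctx"])


if __name__ == "__main__":
    print(build_signin_url("/Contacts.aspx"))
    print(round_trip("/Contacts.aspx"))
```

The STS always posts back to the realm; only the final hop taken by the RP depends on ru, which is why the validation belongs on the RP side.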