I am attempting to access a link to a document within an application. When I click on the link I am directed to authenticate via SAML (Ping Federate). Once I am logged into the application the link is lost and it takes me to the application's home page. Does anyone know how I need to configure SAML to remember the link after I authenticate? I am under the impression that it has something to do with Deep Linking and/or RelayState. I have Deep Linking turned on in the app and my relay state variable is "RelayState". Any help would be appreciated. Thanks!
There's very little information to go on here about your app, which is where the problem (or a signpost towards it) most likely lies. – Jeffrey Hantin Dec 18 '13 at 23:44
Jeffrey Hantin is correct - we're missing key information. In general, the way that "deep-linking" with PingFed (and SAML2) works is that you attempt to access the document at the Service Provider (SP). The SP application recognizes you don't have what it needs to validate your access, redirects you to the SP side of the federation which stores the "referrer" as the TargetResource. It then redirects with an opaque ID of that TargetResource to the Identity Provider (IdP). The IdP authenticates you, redirects you back to the SP with a TargetResource of the Opaque ID, which sends you to your app. – Andrew K. Dec 20 '13 at 14:57
1 Answer
@andy-k-ping-identity is right in his comment. When your app that is deeply linked to determines that it doesn't have a session, it needs to redirect to the PingFederate SP's start SSO endpoint w/ the deeply linked page as the TargetResource. After all the SSO is done, PingFederate will cause the user to be redirected to that page. So, for example, the deeply linked app should return a 302 like this if the user doesn't have a session:
HTTP/1.1 302 Found
Location: https://fs.sp.com:9031/sp/startSSO.ping?TargetResource=https://sp.com/deep-link&...
HTH!

Travis Spencer
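The redirect described in the answer, as an added example that is not part of the original post: the app builds the `Location` header for `startSSO.ping`, URL-encodes the deep link so its own query string survives the round trip, and only accepts deep links on its own host so the endpoint cannot be used to bounce users to arbitrary sites. The host names come from the answer's example; `ALLOWED_HOSTS`, `FALLBACK` and the function names are assumptions, and the parameters the answer elides after `&...` are left out.

```python
from urllib.parse import urlencode, urlsplit

# Endpoint and host taken from the answer's example.
START_SSO = "https://fs.sp.com:9031/sp/startSSO.ping"
ALLOWED_HOSTS = {"sp.com"}    # assumption: hosts the app may deep-link back to
FALLBACK = "https://sp.com/"  # assumption: landing page for rejected targets


def safe_target(requested_url: str) -> str:
    """Return requested_url if it is an https URL on an allowed host, else FALLBACK."""
    try:
        parts = urlsplit(requested_url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return FALLBACK
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        return FALLBACK
    if parts.username or parts.password:  # reject user:pass@host forms
        return FALLBACK
    return requested_url


def sso_redirect(requested_url: str, has_session: bool):
    """Return (status, headers) for a request to a deep-linked page."""
    if has_session:
        return 200, {}
    # urlencode percent-encodes ':', '/', '?', '&' and '=' in the deep link,
    # so the whole URL travels as the single TargetResource value.
    query = urlencode({"TargetResource": safe_target(requested_url)})
    return 302, {"Location": f"{START_SSO}?{query}"}


if __name__ == "__main__":
    # Constructed sample request: a deep link carrying its own query string.
    status, headers = sso_redirect("https://sp.com/deep-link?doc=42&v=1", False)
    print(status, headers["Location"])
```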