Quick Tip: Using Relay State with IdP-initiated SSO in OIF 11g

Recently, a client had a requirement to submit a RelayState URL along with an IdP-initiated SSO request. In this case, we were using the HTTP POST profile with the partner.

We referred to the documentation on Oracle’s website.

The doc explains how to use RelayState with IdP-initiated and SP-initiated SSO. Basically, it instructs developers to add the returnURL query string parameter to the initiatesso link, such as:

http://host:port/fed/idp/initiatesso?providerid=providerA&returnURL=https://www.idmworks.com/ssosite/

Unfortunately, this is wrong. The returnURL parameter name is case sensitive, and the all-lowercase form is what works:

http://host:port/fed/idp/initiatesso?providerid=providerA&returnurl=https://www.idmworks.com/ssosite/

We updated the link to use the lowercase returnurl, and SAML Tracer clearly showed the RelayState being added to the HTTP request.

Another important point to note:

As the documentation states, if no returnurl is specified, OIF falls back to the Unsolicited SSO RelayState setting. If that field has a value, it is used as the RelayState. Otherwise, no value is passed.
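The following is an added example, not code from the original post or from Oracle: a small Python check that rewrites a mis-cased returnURL parameter in an initiatesso link, models the fallback order described above, and reads RelayState out of a captured form-encoded POST body to confirm the result. The function names, the host idp.example.test and port 8080 are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PARAM = "returnurl"  # the lowercase spelling the post found to work


def fix_initiatesso_link(link):
    """Return (fixed_link, changed). Any case variant of the parameter name
    is renamed to lowercase, and query values are percent-encoded on output
    so '&' or '=' inside the return URL cannot split the query string."""
    parts = urlsplit(link)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    fixed = [(PARAM if k.lower() == PARAM else k, v) for k, v in pairs]
    changed = [k for k, _ in pairs] != [k for k, _ in fixed]
    return urlunsplit(parts._replace(query=urlencode(fixed))), changed


def expected_relay_state(link, unsolicited_default=None):
    """Model of the behaviour described in the post (an assumption, not
    OIF code): lowercase returnurl wins, then the partner's Unsolicited
    SSO RelayState value if one is set, otherwise nothing is sent."""
    query = dict(parse_qsl(urlsplit(link).query))
    return query.get(PARAM) or unsolicited_default or None


def relay_state_from_post(body):
    """Pull RelayState out of a captured form-encoded POST body, the same
    field a tool such as SAML Tracer displays."""
    return dict(parse_qsl(body)).get("RelayState")


if __name__ == "__main__":
    # Constructed sample link: host and port are placeholders.
    link = ("http://idp.example.test:8080/fed/idp/initiatesso"
            "?providerid=providerA&returnURL=https://www.idmworks.com/ssosite/")
    fixed, changed = fix_initiatesso_link(link)
    print("before:", expected_relay_state(link))
    print("fixed :", fixed, "(renamed)" if changed else "")
    print("after :", expected_relay_state(fixed))
```

Running the check over every published initiatesso link catches the documented mixed-case spelling before users silently land on the default RelayState.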
