I send an AuthnRequest to the IdP using the HTTP Redirect binding. I am
successful in sending it if my endpoint location looks like the following:
https://abc.net/loginservice/login/
Now I would like to send an extra query parameter using this binding. I
thought that if I just changed the endpoint location, i.e.
https://abc.net/loginservice/login/?status=1
things should work. It did not. It puts the regular parameters, i.e.
(SAMLRequest, SigAlg, Signature), but status does not appear in the query
parameters.
Am I missing something?
Thank you.
rn
That is not a legal use of the Redirect Binding.
-- Scott
It does not allow them, because the binding itself makes use of those
parameters. If you want to carry other information, you do it with SAML
extensions.
-- Scott
"A URL encoding MUST place the message entirely within the URL query
string, and MUST reserve the rest of the URL for the endpoint of the
message recipient."
I thought this means the protocol allows an extra query string. Is this
not the intent of the above statements?
I do agree we should not use the name of a query parameter that
conflicts with a parameter name that the protocol uses.
Thank you.
rn
That text is talking about defining alternate URL encodings within the
overall binding, which was an extension point. I had forgotten that it
existed, but the text in question is precluding the use of Path Info as
part of the URL encoding.
For the purposes of what you're trying to do, you would have to define an
alternate URL encoding, and attach that explicit parameter to identify
that it's an alternate one to the default. By using a superset of the
original encoding, you could achieve at least a semblance of
compatibility, but with no guarantee that a strict peer wouldn't reject it.
-- Scott
Well, it is a very good hint and will definitely work if you manage both
client and server.
rn
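
What a receiving peer sees when an extra parameter rides along with the default DEFLATE encoding, as an added example that is not part of the original thread: the binding's signature is computed only over `SAMLRequest` (or `SAMLResponse`), `RelayState` and `SigAlg`, in that order, so a parameter such as `status` is not integrity-protected and a strict peer can flag or reject it. The function names and the sample message are constructed for illustration, and the signature itself is not verified here because that needs the sender's key.

```python
import base64
import zlib
from urllib.parse import quote, unquote, urlsplit

# Query parameters defined by the Redirect binding's URL encoding.
BINDING_PARAMS = {"SAMLRequest", "SAMLResponse", "RelayState",
                  "SigAlg", "Signature", "SAMLEncoding"}

def deflate_encode(xml):
    """Raw DEFLATE (no zlib header), then base64, then URL-encode."""
    comp = zlib.compressobj(wbits=-15)
    raw = comp.compress(xml.encode()) + comp.flush()
    return quote(base64.b64encode(raw), safe="")

def inspect_redirect(url):
    """Split a Redirect-binding URL into signed input, extras and message."""
    wire, extras = {}, []
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if name in BINDING_PARAMS:
            wire[name] = value          # keep the value exactly as sent
        elif name:
            extras.append(name)         # not defined by the binding
    msg = next((p for p in ("SAMLRequest", "SAMLResponse") if p in wire), None)
    if msg is None:
        raise ValueError("no SAML message in query string")
    # The signature covers only these parameters, in this order.
    signed = "&".join(f"{p}={wire[p]}"
                      for p in (msg, "RelayState", "SigAlg") if p in wire)
    xml = zlib.decompress(base64.b64decode(unquote(wire[msg])), -15).decode()
    return {"signed_octets": signed, "unsigned_extras": extras, "message": xml}

# Constructed sample: placeholder signature, endpoint taken from the thread.
SAMPLE_XML = ('<samlp:AuthnRequest xmlns:samlp='
              '"urn:oasis:names:tc:SAML:2.0:protocol" '
              'ID="_constructed" Version="2.0"/>')

def build_sample_url():
    sigalg = quote("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", safe="")
    return ("https://abc.net/loginservice/login/?status=1"
            f"&SAMLRequest={deflate_encode(SAMPLE_XML)}"
            f"&SigAlg={sigalg}&Signature=CONSTRUCTED")

if __name__ == "__main__":
    report = inspect_redirect(build_sample_url())
    print("signed:  ", report["signed_octets"])
    print("unsigned:", report["unsigned_extras"])
```

Anything listed under `unsigned_extras` can be changed in transit without invalidating the signature, which is one reason to carry such data inside the signed message via SAML extensions instead.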