modifying 'relayState' in authproc
11 views
Skip to first unread message
Thomas G1
Dec 16, 2024, 3:51:48 AM12/16/24
to SimpleSAMLphp
Hi, i am trying to send the user to specific/different urls depending on some attributes after authentication. I (naively?) assumed from the docs that setting
$state["saml:RelayState"] to the desired value in the authproc filter would do the job but that seems to be ignored - still the originally passed url is used?
Thomas
Tim van Dijen
Dec 16, 2024, 4:02:45 AM12/16/24
to SimpleSAMLphp
Hi Thomas,
It is still possible to do what you, but you will have to manually redirect the user where you want them to go in your application code.
I wouldn't use an authproc-filter for that, because if you redirect the user from there, the authentication process is never truly finished.. It's likely to give you trouble somewhere along the road.
You're hitting a timing issue here.. The saml:RelayState is processed as one of the last steps of authentication but _before_ running the authproc-filters.
It is meant as a mechanism to say: the user started authentication on page /abc123, so after authentication we want to return them there. Not to make attribute-based decisions.
It is still possible to do what you, but you will have to manually redirect the user where you want them to go in your application code.
I wouldn't use an authproc-filter for that, because if you redirect the user from there, the authentication process is never truly finished.. It's likely to give you trouble somewhere along the road.
- Tim
Op maandag 16 december 2024 om 09:51:48 UTC+1 schreef g...@und.zwar.jetzt:
Reply all
Reply to author
Forward
0 new messages