Add parameters to auth request from SP to IDP

40 views

Skip to first unread message

Brendan Curran

unread,

Sep 2, 2010, 10:19:49 AM9/2/10

to simple...@googlegroups.com

I have an SimpleSAMLphp SAML2.0 Service Provider implementation up and running against an Sun OpenSSO IDP.

Accessing the Service Provider-protected application correctly generates a http-redirect auth request to the following IDP URL:

https://idp.acmecorp.com/opensso/UI/Login?realm=/&none=&goto=https://idp.acmecorp.com/opensso/SSORedirect/metaAlias/idp (Request data follows)

However...

I need the service provider to generate a redirect request to the following URL: (notice the addition of realm=/acmecorp&includeSSOCookie=yes parameters)

https://idp.acmecorp.com/opensso/UI/Login?realm=/acmecorp&includeSSOCookie=yes&none=&goto=https://idp.acmecorp.com/opensso/SSORedirect/metaAlias/idp (Request data follows)

How can I fill out the "realm" parameter and add the "includeSSOCookie=yes" parameter to the request?

Thank you,

Brendan

Olav Morken

unread,

Sep 3, 2010, 4:32:21 AM9/3/10

to simple...@googlegroups.com

I think you are looking at the wrong place (SP). The SP doesn't
actually redirect you to .../opensso/UI/Login. Instead it sends a
request by redirecting to a different URL (probably
.../opensso/SSORedirect/metaAlias/idp?SAMLRequest=...). It is this page
that redirects you to the .../UI/Login.

Somehow you need to configure OpenSSO to do add the given parameters. I
am not familiar enough with OpenSSO to say how that can be done.