Hi All,

I have a service provider we're currently integrating with, who have
specified that idp initiated sso is required. Along with the idp
initiated sso, "deeplink" / relaystate parameters will be provided.

To me, this kind of goes against the requirement that the idp initiate
sso, but nevertheless I'm trying to work a solution. The service
provider is limited by only having an idp authentication URL, to which
they will add a &relaystate=pathtoresource parameter to the URL if

So if a user tries to access
https://serviceprovider.com/deeplinkresource, the current solution
without any modification redirects the user to our idp's, ignores the
&relaystate=pathtoresource information, and logs the user into the home

In an attempt to handle the service provider's request, I have added some
code in an authentication contract jsp, which reads the url, and
redirects the user to http://tinyurl.com/mjgf7da. This then works as
required when accessing https://serviceprovider.com/deeplinkresource,
the user logs in and is directed to the relaystate parameter.

One issue is that access to this new service provider will be via
another service provider (i.e., intranet). Once you have logged into the
intranet, links (i.e., think
https://serviceprovider.com/deeplinkresource) will direct you to the
other service provider and you shouldn't need to re-login. The login
process works as intended, but as the user is already authenticated, the
additional code in the jsp doesn't appear to be executed and the
deeplink / relaystate info is ignored and the user is logged into the

I know the links on the intranet could just be
http://tinyurl.com/mjgf7da, but I'm hoping to have all links in the
fashion of https://serviceprovider.com/deeplinkresource.

Has anybody else had requirements such as these? How have you handled
these types of requests, and what, if any, suggestions do you think I
could try?

Thanks in advance.

