A URL List for the Relay State You're In

When an identity provider and a service provider are communicating using SAMLv2 (a redirect or an assertion exchange, for example), the RelayState parameter is used to store the URL to which the user will be redirected after the action (single sign-on, single log out or termination, for example) is complete. (If a RelayState value is not specified, the value of the defaultRelayState property in the extended metadata configuration of the entity provider is used. See Constructing SAML Messages in the Sun OpenSSO 8.0 Developer's Guide for more information.)

Because the RelayState value arrives with the request, an unchecked value is an open redirect: an attacker can send the user a perfectly genuine sign-on link whose RelayState lands them on a site of the attacker's choosing once authentication completes. To prevent the RelayState parameter from being used this way, the Relay State URL List has been added as an Advanced property in the Standard Administration Console to the hosted identity provider, the hosted service provider and the Fedlet metadata. The value of this property is essentially a whitelist (an allow list) of URL patterns. If the property contains no URLs, no further check is done and the user is redirected to the URL value of the RelayState parameter as per usual. If URLs are specified, both the hosted identity provider and hosted service provider (or Fedlet, if applicable) check the value of the RelayState parameter in the communication against the list and, if there is a match, redirection to the value of the RelayState parameter is allowed. If there is no match, the user is shown a browser error indicating Invalid Relay State URL specified.

To add to the Relay State URL List, log in to the OpenSSO Standard Administration Console as administrator.

  1. Click the Federation tab.
  2. Click the name of the appropriate hosted entity provider from the Entity Providers table.
  3. Click the Advanced tab.
  4. Click Relay State URL List (or scroll to the page's bottom).
  5. Add one or more URLs based on the following supported patterns.
    • *
    • http://host:port/*
    • http://*:*/* - (if no port number is specified, defaults to 80 as the protocol is http)
    • https://*:*/* - (if no port number is specified, defaults to 443 as the protocol is https)
    • http://*:*/*?* - (if a query string is present)
    • http://host:port/-*-/test - (one-level wildcard support: -*- matches a single path segment)
    Note that *, http://*:*/* and https://*:*/* match any host, so a list containing only those patterns is no stricter than an empty list; to actually close the open redirect, name the hosts you expect to send users to.
  6. Click Save.
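To make the check in step 5 concrete, here is an added example (my own code, not OpenSSO's pattern matcher, whose exact rules this page does not document) that applies the listed patterns to a RelayState value: the default-port rule, the host and port wildcards, the query-string pattern and the one-level -*- wildcard. Two assumptions are mine: a pattern with no query part does not match a RelayState URL that carries a query string, and anything that is not an absolute http or https URL (a scheme-relative //host, a javascript: value) is rejected outright.

```python
import re
from urllib.parse import unquote

# Default ports applied when a pattern or RelayState URL omits one (as stated on the page).
DEFAULT_PORTS = {"http": "80", "https": "443"}

# scheme://host[:port][path][?query]; host and port may themselves be "*" in a pattern.
_URL_RE = re.compile(r"^(https?)://([^/:?]+)(?::([^/?]+))?([^?]*)(?:\?(.*))?$")


def _split(url):
    """Split a pattern or a RelayState URL into (scheme, host, port, path, query).

    Returns None for anything that is not an absolute http(s) URL, so values such
    as 'javascript:...' or '//evil.example' can never match (my assumption)."""
    m = _URL_RE.match(url)
    if m is None:
        return None
    scheme, host, port, path, query = m.groups()
    if port is None:
        port = DEFAULT_PORTS[scheme]
    if path == "":
        path = "/"
    return scheme, host.lower(), port, path, query


def _glob_to_regex(fragment):
    """Translate the page's wildcard syntax: '-*-' is exactly one path level,
    '*' is anything; every other character is literal."""
    out, i = [], 0
    while i < len(fragment):
        if fragment.startswith("-*-", i):
            out.append(r"[^/?]+")
            i += 3
        elif fragment[i] == "*":
            out.append(r".*")
            i += 1
        else:
            out.append(re.escape(fragment[i]))
            i += 1
    return "".join(out)


def _matches(pattern, parsed):
    pp = _split(pattern)
    if pp is None:
        return False
    p_scheme, p_host, p_port, p_path, p_query = pp
    scheme, host, port, path, query = parsed
    if p_scheme != scheme:
        return False
    if p_host != "*" and p_host != host:
        return False
    if p_port != "*" and p_port != port:
        return False
    if re.fullmatch(_glob_to_regex(p_path), path) is None:
        return False
    if p_query is None:
        # Assumption: a pattern without '?' refuses a RelayState that carries a query.
        return query is None
    if query is None:
        return False
    return re.fullmatch(_glob_to_regex(p_query), query) is not None


def relay_state_allowed(relay_state, url_list):
    """Return True if the RelayState value may be redirected to.

    An empty list means no check at all, matching the behaviour described on the page;
    a bare '*' entry matches everything."""
    if not url_list:
        return True
    parsed = _split(unquote(relay_state))
    if parsed is None:
        return False
    return any(p == "*" or _matches(p, parsed) for p in url_list)


if __name__ == "__main__":
    # Constructed sample list and RelayState values (not from the page).
    allowed = ["https://sp.example.com:443/*", "http://sp.example.com:80/-*-/test"]
    for rs in ["https://sp.example.com/app/home",
               "https://evil.example.net/phish",
               "http://sp.example.com/abc/test",
               "//evil.example.net/"]:
        print(rs, "->", relay_state_allowed(rs, allowed))
```

The one check worth keeping in mind when you fill in the list: the matcher above, like the console, is only as strict as the patterns you give it, and a single https://*:*/* entry admits every https host.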

Now enjoy this video from (very early) Bananarama - State I'm In. They look like they're in a Dexy's Midnight Runners state.

Or if you prefer the Squeaky Mix - half the time, double the BPM and quadruple the laughs.

Comments:

Interesting post. Thank you for the post, and the video is also good. Thank you.

Posted by lemonade diet on January 10, 2010 at 03:32 PM PST #

Thanks, lemonade. Glad you found it.

Posted by Michael Teger on January 11, 2010 at 12:37 AM PST #
