We have a secure web portal which we allow our SAML IDP partners to SSO into our secure web portal. Due to the various API service calls that are required to retrieve our user's information from our backend system for the portal logon process we came up with a custom inbound SAML authentication flow which works very well but due to this design we cannot support the deeplinking or RelayState parameter to direct the inbound SAML authentication request to the Target/RelayState post SAML authentication.
After we authenticate the SAML request, we have to send the request to another resource where there will be some API calls to retrieve the user's information from backend systems and then eventually the request will then be redirected to the application's secure home page.
Our plan to accomplish the RelayState redirect is to capture the value of the SAML request RelayState and turn that into an HTTP header and using this header value to redirect the browser to this location after the user finally made it to the web application secure home page. I can extract the SSO user's data from the SAML assertion and create HTTP headers for our app but wondering if there is an OOTB way for SiteMinder to capture the RelayState parameter and create an HTTP header with that value.
Thanks in advance!
No, I dont think this is possible with OOTB feature.
But i do have below suggestions.
You can store the relay state parameter as a cookie and send this cookie when you initiate custom inbound SAML authentication flow and add this as SAML Assertion attribute. So SP (service provider) can read this and set them as HTTP Headers, using this header value to redirect the browser to this target after the user finally made it to the web application secure home page.
Also we do have an option to set the assertion attributes as HTTP Headers in siteminder ( when siteminder is acting as SP) but in your use case siteminder is IDP, Hence you can not use this feature.
hope this helps.
Thank you so much for sharing that. So the SAML IDP will POST their SAML assertion to our SP with the RelayState, how would we create a cookie with the RelayState value? Would this be done via SiteMinder or would we need to write some Java Script to create the cookie?