Perhaps a long shot but I have a couple of questions on both versions.
First of for SAML 1.1
I am integrating into a legacy SAML 1.1 application and I am trying to determine if the TARGET query parameter is required in the initial request for the intersite transfer service.
Reading the specs https://www.oasis-open.org/committees/download.php/3405/oasis-sstc-saml-bindings-1.1.pdf. Section 4.1.2.3 says
Section 4.1.2.4 then seems to contradict this and says
So if TARGET is only RECOMMENDED then where would the form get the value of TARGET from?
And another query for SAML 2.0
For SAML 1.1 the TARGET query parameter set in the initial request for the intersite transfer service, is used by the assertion consumer service to redirect the user to the protected resource once the assertions have been validated. So a user could request page 1, 2 or 3 at a protected site and be directed to the correct location after the SAML flow is complete.
How is the same achieved for SAML 2.0? From what I've read the SAML 2.0 ACS processes the SAML response and redirects to the target resource. How would it deal with the page 1, 2 or 3 scenario? Or does it always direct back to a pre defined location? Or is the RelayState used for custom flows like this?
First of for SAML 1.1
I am integrating into a legacy SAML 1.1 application and I am trying to determine if the TARGET query parameter is required in the initial request for the intersite transfer service.
Reading the specs https://www.oasis-open.org/committees/download.php/3405/oasis-sstc-saml-bindings-1.1.pdf. Section 4.1.2.3 says
Section 4.1.2.4 then seems to contradict this and says
Code:
<Body>
<FORM Method=”Post” Action=”https://<assertion consumer host name and path>” …>
<INPUT TYPE=”hidden” NAME=”SAMLResponse” Value=”B64(<response>)”>
…
<INPUT TYPE=”hidden” NAME=”TARGET” Value=”<Target>”>
</Body>So if TARGET is only RECOMMENDED then where would the form get the value of TARGET from?
And another query for SAML 2.0
For SAML 1.1 the TARGET query parameter set in the initial request for the intersite transfer service, is used by the assertion consumer service to redirect the user to the protected resource once the assertions have been validated. So a user could request page 1, 2 or 3 at a protected site and be directed to the correct location after the SAML flow is complete.
How is the same achieved for SAML 2.0? From what I've read the SAML 2.0 ACS processes the SAML response and redirects to the target resource. How would it deal with the page 1, 2 or 3 scenario? Or does it always direct back to a pre defined location? Or is the RelayState used for custom flows like this?
