Feb 27th, 2013, 07:26 AM
Additional data when SSO initiated
I have introduced the spring saml extension into our web application which is acting as the SP.
I have some basic code working with ssocircle as the IDP. The samlEntryPoint is configured with an intercept-url that is causing redirects to the IDP to login when no SAMLCredentials exist. When the user has SAML credentials they proceed as expected.
When the intercept-url is hit, I also want to pass some additional data along which I need after authentication completes. I see that there is a relay state parameter, but I am not clear on how to use it or if it is indeed what I am looking for. I have seen the existing post on relay state, but that isn't exactly clear to me.
Ideally, the additional data I need would be POSTed to the intercept-url ... but I am not really sure if things can be made to work this way. Any thoughts on how to do this would be much appreciated.
Feb 28th, 2013, 10:00 AM
I'm not sure if I exactly understand your need. You can definitely override the SAMLEntryPoint's commence method and e.g. store additional data to user's session before starting the authentication.
The RelayState works as a "bounce" - you send some data to the IDP and the IDP sends the same data back. This can be useful e.g. in case you'd like to avoid having to start an HttpSession before the user is authenticated, but still associate some internal data with the user.
In case you'd like to use the RelayState, the way to do so is again to override the SAMLEntryPoint, this time the method getProfileOptions. From this method you'd return an instance of the WebSSOProfileOptions with the relayState property set to the value you require. Once the authentication succeeds the same RelayState value will be available in the SAMLCredential, which you can work with e.g. in the SAMLUserDetailsService.
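A sketch of the RelayState round trip described in the reply above, added here as an example and not code from either poster or from the Spring SAML project. The class names, the `target` request parameter and the allowlist values are hypothetical. Because the value travels through the browser and the IDP, the example checks it against the same allowlist when it comes back; the SAML bindings specification also limits RelayState to 80 bytes.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

// Hypothetical allowlist: the only values the SP will send out or accept back.
final class RelayTargets {
    static final Set<String> ALLOWED = new HashSet<String>(Arrays.asList("reports", "billing"));
    static boolean isAllowed(String v) { return v != null && ALLOWED.contains(v); }
}

// Register this bean in place of the stock samlEntryPoint.
class RelayStateEntryPoint extends SAMLEntryPoint {
    @Override
    protected WebSSOProfileOptions getProfileOptions(SAMLMessageContext context,
            AuthenticationException exception) throws MetadataProviderException {
        // The parent returns a fresh or cloned options object, so it is safe to modify.
        WebSSOProfileOptions options = super.getProfileOptions(context, exception);
        HttpServletRequest request =
            ((HttpServletRequestAdapter) context.getInboundMessageTransport()).getWrappedRequest();
        String target = request.getParameter("target"); // hypothetical parameter name
        if (RelayTargets.isAllowed(target)) {
            options.setRelayState(target); // short opaque key, not raw user data
        }
        return options;
    }
}

// Reads the bounced value after the assertion has been validated.
class RelayStateUserDetailsService implements SAMLUserDetailsService {
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        String relayState = credential.getRelayState();
        // Re-validate: RelayState is not covered by the assertion signature.
        String target = RelayTargets.isAllowed(relayState) ? relayState : "default";
        // Placeholder principal; a real application would return its own user object.
        return new String[] { credential.getNameID().getValue(), target };
    }
}
```

If the additional data is larger or sensitive, keep it server-side (for example in the session from an overridden `commence`, as the reply suggests) and send only a lookup key through RelayState.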