Wednesday, September 21, 2016

OIF: Relay State parameter in Federation

In this post, we cover the configuration of the 'Relay State' parameter for SP partners. Before going into the configuration, let us understand the purpose of the 'Relay State' parameter. We use it to automatically redirect a user to a specific target page URL as soon as authentication against the IDP completes successfully and the SAML assertion is posted to the SP. This way you can avoid adding a 'returnurl' parameter to your SSO URL while redirecting to the Service Provider application.

In our example, we try this on the Salesforce application by redirecting to some contentdoor specific URL. We have configured Salesforce as the Service Provider and OAM 11.1.2.3 as the IDP. You can refer to my earlier posts given below for more information on SSO configurations.
Environment:
  • OAM 11.1.2.3 BP07
  • RHEL6
  • Salesforce
Steps:
  • Assuming you have already configured Federated SSO to a service provider application (for example, Salesforce) with OAM as IDP and Salesforce as SP.
  • Now log in to the OAM server
  • Change directory to <Oracle_IDM1_Home>/common/bin
  • Execute the following commands
    • ./wlst.sh
    • connect('weblogic', 'password123', 't3://localhost:7001')
    • domainRuntime() 
    • updatePartnerProperty(partnerName="salesforce",partnerType="SP",propName="providerrelaystate",propValue="https://mydomain.lightning.force.com/one/one.app#/sObject/ContentDocument/home",type="string") 

  • On successful execution, you will receive the message as shown above.
Validation:
  • You can log in to Salesforce using the IDP-initiated or SP URL. After the authentication, you will be automatically redirected to the URL that is configured as the 'Relay State' URL, as shown below.
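
Because every user of the partner is sent to the configured relay state after SSO, it is worth checking the value before it is written. The following is an added example, not part of the original post or of Oracle's tooling: it validates a candidate URL and only then builds the updatePartnerProperty line used in the steps above. The names ALLOWED_HOSTS, check_relay_state and wlst_command are hypothetical, and the allowed host list is an assumption to adapt to your deployment.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this deployment accepts as post-SSO landing targets.
ALLOWED_HOSTS = {"mydomain.lightning.force.com"}


def check_relay_state(url, allowed_hosts=ALLOWED_HOSTS):
    """Return url unchanged if it is acceptable as a relay state, else raise ValueError."""
    # Reject characters that could break out of the quoted WLST argument
    # or smuggle a second line into the command.
    if any(ord(c) < 0x20 or c in "'\"\\ " for c in url):
        raise ValueError("control, quote, backslash or space character in URL")
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("relay state must use https")
    # 'https://trusted-host@other-host/' puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed in relay state")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError("host %r is not an approved landing host" % host)
    if parts.port not in (None, 443):
        raise ValueError("unexpected port in relay state")
    return url


def wlst_command(partner, url):
    """Build the WLST line from the steps above for a validated relay state."""
    if not partner.isalnum():
        raise ValueError("partner name must be alphanumeric")
    return ('updatePartnerProperty(partnerName="%s",partnerType="SP",'
            'propName="providerrelaystate",propValue="%s",type="string")'
            % (partner, check_relay_state(url)))


if __name__ == "__main__":
    # The relay state URL used in this post.
    print(wlst_command(
        "salesforce",
        "https://mydomain.lightning.force.com/one/one.app#/sObject/ContentDocument/home"))
```

Paste the printed line into the WLST session after connect() and domainRuntime().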
 
You can also refer to various other properties that you can set through WLST command line. These are very well documented in Oracle docs. Please refer here.  

Thank you for visiting.