Implement SSO flow for authentication. I'm a newbie here and cannot get some places. I tried to implement a service provider initiated flow. And it looks like this:
federation.
Log in
and redirected to our server with SAMLResponse.
So, it looks good, but I have one required param for authentication that is necessary for my system but not for the IdP. It means that I need somehow to send this param to the IdP and the IdP should return it without any changes. I tried to read a lot of info on how to do it but cannot find anything. I saw a param called RelayState that can be set to the URL of the frontend app, and after authentication on the IdP it will return to my server without changes.
Basically my question is how I can use IdP as a Proxy?
What you are doing is SP Initiated and there is a good writeup here.
"The original meaning of RelayState is that the SP can send some value to the IDP together with the AuthnRequest and then get it back. The SP can put whatever value it wants in the RelayState and the IDP should just echo it back in the response."
Example of how to use it.
The problem is that not all IDPs implement it, and if you redirect to another IDP from your IDP, it may not be passed.
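
A sketch of the SP side of the RelayState round trip described above, added here as an example and not taken from the question, the answer or any SAML library. Because the IdP echoes RelayState back unchanged and the browser carries it, the SP sends only an opaque single-use token and keeps the real parameter server-side; the SAML 2.0 bindings specification limits RelayState to 80 bytes. `RelayStateStore`, `build_redirect_query` and the sample values are hypothetical names, and the in-memory dict stands in for a session store.

```python
import secrets
import time
from urllib.parse import urlencode

RELAY_STATE_MAX_BYTES = 80   # limit from the SAML 2.0 bindings specification
TTL_SECONDS = 300            # assumption: how long a login attempt may take


class RelayStateStore:
    """Maps an opaque RelayState token to the SP-only parameter (hypothetical helper)."""

    def __init__(self, now=time.time):
        self._pending = {}   # token -> (app_param, expiry); stand-in for a session store
        self._now = now

    def issue(self, app_param):
        # 32 random bytes -> 43 URL-safe characters, well under the 80-byte limit.
        token = secrets.token_urlsafe(32)
        self._pending[token] = (app_param, self._now() + TTL_SECONDS)
        return token

    def redeem(self, relay_state):
        """Return the stored parameter, or None if RelayState is missing,
        oversized, unknown, already used or expired."""
        if not relay_state or len(relay_state.encode()) > RELAY_STATE_MAX_BYTES:
            return None      # covers an IdP that did not echo RelayState back
        entry = self._pending.pop(relay_state, None)   # pop makes it single-use
        if entry is None:
            return None
        app_param, expiry = entry
        return app_param if self._now() <= expiry else None


def build_redirect_query(saml_request_b64, relay_state):
    # Query string for the HTTP-Redirect binding; AuthnRequest encoding is out of scope.
    return urlencode({"SAMLRequest": saml_request_b64, "RelayState": relay_state})


if __name__ == "__main__":
    store = RelayStateStore()
    token = store.issue("tenant-42")             # constructed sample value
    print(build_redirect_query("cmVx", token))   # "cmVx" is a placeholder request
    print(store.redeem(token))                   # callback with echoed RelayState
    print(store.redeem(token))                   # replay of the same token -> None
    print(store.redeem(None))                    # IdP dropped RelayState -> None
```

When `redeem` returns `None`, the SP has to fall back to another way of recovering the parameter, such as its own session cookie, which is the case the answer warns about for IdPs that do not pass RelayState through.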