The SessionRelayService enables IDP initiated SSO to applications integrated using SAML2 with a URL at the Ubisecure SSO server. This is also known as unsolicited SSO.
Step-by-step guide
- Unsolicited SSO can be done by sending SAML response message to address:
https://ssohost/uas/saml2/SessionRelayService?entityID=urn:uuid:3A97e9cf6b-5218-4cb8-b0b9-bab5d35e6c9b&RelayState=/insert/home/page/here&locale=sv
Text marked with red must be updated accordingly:
-entityID has to be application agents entityID from Ubilogin management UI
-RelayState is relative address on target application server where browser is redirected(so called deep linking)
-locale is users used language
Other optional parameters include:
- isPassive true/false (optional, default false)
- forceAuthn true/false (optional, default false)
- oneTimeUse true/false (optional, default false)
Related articles