IDP Initiated SSO if SP doesn't initiate login

The SessionRelayService enables IDP-initiated SSO to applications integrated using SAML2, through a URL on the Ubisecure SSO server. This is also known as unsolicited SSO.

Step-by-step guide


  1. Unsolicited SSO can be done by sending a SAML response message to the address:
    https://ssohost/uas/saml2/SessionRelayService?entityID=urn:uuid:3A97e9cf6b-5218-4cb8-b0b9-bab5d35e6c9b&RelayState=/insert/home/page/here&locale=sv

The parameter values in the URL above must be updated accordingly:

  • entityID must be the application agent's entityID from the Ubilogin management UI
  • RelayState is the relative address on the target application server to which the browser is redirected (so-called deep linking)
  • locale is the user's language

Other optional parameters include:

  • isPassive true/false (optional, default false)
  • forceAuthn true/false (optional, default false)
  • oneTimeUse true/false (optional, default false)
  • template - SSO UI template to be used
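
The following added example (not Ubisecure's code) assembles the SessionRelayService URL from the parameters described above. It percent-encodes each value and rejects a RelayState that is not a relative address, so a link generator built on it cannot emit deep links that point to another host. The function names and the sample entityID are constructed for illustration; `ssohost` is the placeholder host from the URL above.

```python
from urllib.parse import urlencode

# Optional true/false parameters listed on this page.
BOOLEAN_PARAMS = ("isPassive", "forceAuthn", "oneTimeUse")
# Constructed sample value; use the agent's entityID from the management UI.
SAMPLE_ENTITY_ID = "urn:uuid:00000000-0000-4000-8000-000000000000"


def is_relative_address(relay_state: str) -> bool:
    """Accept only a server-relative path such as /insert/home/page/here."""
    return (
        relay_state.startswith("/")
        and not relay_state.startswith("//")   # scheme-relative URL names another host
        and "\\" not in relay_state            # browsers may treat "\" like "/"
        and not any(ord(c) < 0x20 for c in relay_state)  # tabs/newlines get stripped
    )


def build_session_relay_url(sso_host, entity_id, relay_state,
                            locale=None, template=None, **flags):
    """Return the IDP-initiated SSO URL with every value percent-encoded."""
    if not is_relative_address(relay_state):
        raise ValueError("RelayState must be a relative address on the target application")
    params = [("entityID", entity_id), ("RelayState", relay_state)]
    if locale:
        params.append(("locale", locale))
    for name in BOOLEAN_PARAMS:
        if name in flags:
            value = flags.pop(name)
            if not isinstance(value, bool):
                raise TypeError(f"{name} must be True or False")
            params.append((name, "true" if value else "false"))
    if flags:
        raise TypeError(f"unknown parameter(s): {sorted(flags)}")
    if template:
        params.append(("template", template))
    return f"https://{sso_host}/uas/saml2/SessionRelayService?" + urlencode(params)


if __name__ == "__main__":
    print(build_session_relay_url("ssohost", SAMPLE_ENTITY_ID,
                                  "/insert/home/page/here", locale="sv"))
```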