IDP Initiated SSO if SP doesn't initiate login
The SessionRelayService enables IDP initiated SSO to applications integrated using SAML2 with a URL at the Ubisecure SSO server. This is also known as unsolicited SSO.
Step-by-step guide
- Unsolicited SSO can be done by sending a SAML response message to the address:
https://ssohost/uas/saml2/SessionRelayService?entityID=urn:uuid:3A97e9cf6b-5218-4cb8-b0b9-bab5d35e6c9b&RelayState=/insert/home/page/here&locale=sv
Update the following parameters in the URL for your environment:
- entityID must be the application agent's entityID from the Ubilogin management UI
- RelayState is the relative address on the target application server to which the browser is redirected (so-called deep linking)
- locale is the user's language
Other optional parameters include:
- isPassive true/false (optional, default false)
- forceAuthn true/false (optional, default false)
- oneTimeUse true/false (optional, default false)
- template - SSO UI template to be used
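The following Python sketch is an added example, not Ubisecure code: it assembles the SessionRelayService link from the parameters listed above, percent-encodes each value, and rejects a RelayState that is not a relative path. The helper name `build_session_relay_url`, the host `ssohost` and the sample entityID are constructed placeholders, and passing every parameter in the query string is assumed from the URL shown above.

```python
from urllib.parse import urlencode, urlsplit

# Parameter names come from the article; the helper itself is hypothetical.
BOOLEAN_PARAMS = ("isPassive", "forceAuthn", "oneTimeUse")


def build_session_relay_url(sso_host, entity_id, relay_state, locale=None,
                            template=None, **flags):
    """Return an unsolicited-SSO link for SessionRelayService."""
    if not entity_id:
        raise ValueError("entityID is required")
    # The article defines RelayState as a relative address on the target
    # application server. Enforce that before building the link: no scheme,
    # no host, no scheme-relative '//' prefix and no backslashes.
    parts = urlsplit(relay_state)
    if (parts.scheme or parts.netloc or not relay_state.startswith("/")
            or relay_state.startswith("//") or "\\" in relay_state):
        raise ValueError("RelayState must be a relative path starting with '/'")
    query = [("entityID", entity_id), ("RelayState", relay_state)]
    if locale:
        query.append(("locale", locale))
    for name, value in flags.items():
        if name not in BOOLEAN_PARAMS:
            raise ValueError(f"unknown parameter: {name}")
        if not isinstance(value, bool):
            raise ValueError(f"{name} must be True or False")
        if value:  # all three default to false, so only true is sent
            query.append((name, "true"))
    if template:
        query.append(("template", template))
    # urlencode percent-encodes ':' and '/', keeping each value in its own parameter.
    return f"https://{sso_host}/uas/saml2/SessionRelayService?{urlencode(query)}"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(build_session_relay_url(
        "ssohost", "urn:uuid:00000000-0000-4000-8000-000000000000",
        "/insert/home/page/here", locale="sv", forceAuthn=True))
```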