问题
We are using SustainSys.Saml2 with IdentityServer4.
We have the following flow working outlined in this question How to maintain returnurl after receiving SAML response from OneLogin
When we issue a ChallengeAsync just before we are redirected to OneLogin to verify our user and send a SamlResponse back we see our AuthenticationProperties get passed to SustatinSys library code and it has relayData and a returnPath set but when OneLogin posts back to us the relaystate is not the returnurl/relayData we specified. We believe it is a value generated from here https://github.com/Sustainsys/Saml2/blob/master/Sustainsys.Saml2/RelayStateGenerator.cs as part of the SamlAuthenticationRequest creation.
Should that be passing the relaydata that we created to SamlAuthenticationRequest so that we can read it once successfully logged in as part of the SamlResponse or are we doing something wrong and need to set some options elsewhere so we can read the relaystate?
回答1:
The relayData and returnPath that you pass in to AuthenticationProperties are preserved in an encrypted cookie during the call to the Idp. The RelayState in the actual Saml2 exchange is a random string, that is also the name of the cookie. When the Saml response is processed, the contents of the cookie are read and the AuthenticationProperties are restored (including the ReturnUrl).
来源:https://stackoverflow.com/questions/52968073/reading-relaystate-from-a-samlresponse