Idp initiated SSO with id token accessible to server

jindal · October 29, 2020, 12:19am

For our SAML IdP-Initiated SSO, we use OpenID Connect in Response Protocol. We get an idtoken in the final redirect, but it is in the browser hash like Foo.com

The problem is that browsers don’t send params after # to the servers, so our server doesn’t see this token. Is there a way to get this token as a POST param or proper GET param that our server can see.

We want to redirect the user to different urls based on what is in the id token, and we want to do that all in the server.

joseantonio.rey · November 20, 2020, 4:25am

Hello, @jindal,

When forming your /authorize request, you can specify response_mode=form_post, and it will POST the information back to your callback endpoint instead of sending it in the fragment.

Let me know if this helps!

jindal · November 22, 2020, 5:06am

This does exactly what I wanted. Thanks!

konrad.sopala · November 24, 2020, 1:44pm

We are here for you!