Idp initiated SSO with id token accessible to server

jindal · October 29, 2020, 12:19am

For our SAML IdP-Initiated SSO, we use OpenID Connect in Response Protocol. We get an idtoken in the final redirect, but it is in the browser hash like Foo.com

The problem is that browsers don’t send params after # to the servers, so our server doesn’t see this token. Is there a way to get this token as a POST param or proper GET param that our server can see.

We want to redirect the user to different urls based on what is in the id token, and we want to do that all in the server.

joseantonio.rey · November 20, 2020, 4:25am

Hello, @jindal,

When forming your /authorize request, you can specify response_mode=form_post, and it will POST the information back to your callback endpoint instead of sending it in the fragment.

Let me know if this helps!

jindal · November 22, 2020, 5:06am

This does exactly what I wanted. Thanks!

konrad.sopala · November 24, 2020, 1:44pm

We are here for you!

Topic		Replies	Views
Access token not a JWT after SAML IDP initiated SSO Help saml , sso , idp-initiated	2	7279	September 10, 2018
IdP-Initiated SSO where IdP provides the redirect_url Help idp-initiated	2	3982	August 26, 2019
Auth0 as Service Provider returning SAML Response instead of Auth0 IDToken Help sso , application	2	1460	August 20, 2023
Problem with IdP-initated SAML login flow Help connections , saml-enterprise-connection	0	887	April 11, 2023
Retrieving a Refresh Token on SAML IDP-Initiated SSO Knowledge Articles sso-integration , samlp , saml2	1	1276	November 4, 2023

Idp initiated SSO with id token accessible to server

Related Topics