Idp initiated SSO with id token accessible to server

jindal · October 29, 2020, 12:19am

For our SAML IdP-Initiated SSO, we use OpenID Connect in Response Protocol. We get an idtoken in the final redirect, but it is in the browser hash like Foo.com

The problem is that browsers don’t send params after # to the servers, so our server doesn’t see this token. Is there a way to get this token as a POST param or proper GET param that our server can see.

We want to redirect the user to different urls based on what is in the id token, and we want to do that all in the server.

joseantonio.rey · November 20, 2020, 4:25am

Hello, @jindal,

When forming your /authorize request, you can specify response_mode=form_post, and it will POST the information back to your callback endpoint instead of sending it in the fragment.

Let me know if this helps!

jindal · November 22, 2020, 5:06am

This does exactly what I wanted. Thanks!

konrad.sopala · November 24, 2020, 1:44pm

We are here for you!

Topic		Replies	Views
Access token not a JWT after SAML IDP initiated SSO Help saml , sso , idp-initiated	2	7291	September 10, 2018
IdP-Initiated SSO Converting SAML RelayState to OIDC redirect_uri field Out of the Box? Help sso , oidc , saml2 , idp-initiated	2	5355	September 5, 2019
Idp initiated SSO clarification Help sso , sso-integration , idp-initiated	2	4527	August 30, 2019
Flow for IDP Initiated SSO/SAML Help saml , idp-initiated	2	4597	December 24, 2018
IdP-Initiated SSO where IdP provides the redirect_url Help idp-initiated	2	3989	August 26, 2019

Idp initiated SSO with id token accessible to server

Related topics