IdP-initiated SSO with ID token accessible to server

For our SAML IdP-Initiated SSO, we use OpenID Connect in Response Protocol. We get an ID token in the final redirect, but it is in the browser hash, like foo.com/#id_token=

The problem is that browsers don’t send params after # to the servers, so our server doesn’t see this token. Is there a way to get this token as a POST param or proper GET param that our server can see?

We want to redirect the user to different URLs based on what is in the ID token, and we want to do that all in the server.

Hello, @jindal,

When forming your /authorize request, you can specify response_mode=form_post, and it will POST the information back to your callback endpoint instead of sending it in the fragment.

Let me know if this helps!

1 Like
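A server-side sketch of the flow discussed above, added here as an example and not code from the thread or from Auth0: it builds an /authorize URL with response_mode=form_post, then validates the POSTed id_token before choosing a redirect from a fixed allow-list. The issuer, client ID, secret, claim name and routes are constructed placeholders, and HS256 with the client secret is an assumption so the example runs offline; with RS256 the signature is checked against the IdP's published keys using a JWT library.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode

# Constructed placeholder values, not taken from the thread.
ISSUER, CLIENT_ID = "https://tenant.example/", "example-client-id"
CLIENT_SECRET = b"example-client-secret"
ROLE_CLAIM = "https://app.example/role"              # hypothetical custom claim
ROUTES = {"admin": "/admin", "member": "/app"}       # fixed allow-list of targets

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def authorize_url(nonce):
    # response_mode=form_post makes the IdP POST id_token to redirect_uri.
    q = {"response_type": "id_token", "response_mode": "form_post",
         "scope": "openid", "client_id": CLIENT_ID, "nonce": nonce,
         "redirect_uri": "https://app.example/callback"}
    return ISSUER + "authorize?" + urlencode(q)

def verify_id_token(token, nonce):
    # Accept HS256 only, then check signature, iss, aud, exp and nonce.
    h64, p64, s64 = token.split(".")
    if json.loads(b64d(h64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    mac = hmac.new(CLIENT_SECRET, f"{h64}.{p64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), b64d(s64)):
        raise ValueError("bad signature")
    c = json.loads(b64d(p64))
    if (c.get("iss"), c.get("aud")) != (ISSUER, CLIENT_ID) or c.get("exp", 0) <= time.time():
        raise ValueError("bad iss, aud or exp")
    if c.get("nonce") != nonce:  # pass nonce=None only when the app issued none
        raise ValueError("nonce mismatch")
    return c

def handle_callback(body, nonce):
    # body: raw application/x-www-form-urlencoded POST body sent to the callback.
    form = parse_qs(body)
    try:
        claims = verify_id_token(form["id_token"][0], nonce)
        # The claim selects an entry in ROUTES; it never supplies the URL itself.
        return ROUTES.get(claims.get(ROLE_CLAIM), "/app")
    except (KeyError, ValueError, TypeError, AttributeError):
        return "/login-error"

def sign_sample_token(claims):
    # Builds a constructed HS256 token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    msg = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(claims)
    sig = hmac.new(CLIENT_SECRET, msg.encode(), hashlib.sha256).digest()
    return msg + "." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()
```
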

This does exactly what I wanted. Thanks!

2 Likes

We are here for you!