Re: DEFAULTQS configuration help



Hi Sampo,
    Thanks for the reply. I got it to work with the change that you
suggested.

My mistake was a silly one, but I will mention it here so that if others make
a similar one, they can correct it as well: I was inadvertently writing
the code as 10 (numeric one) instead of l0 (lowercase L)!!

I have a follow-up question w.r.t the RelayState.

If I have an HTML page then the value of the relay state will be available
as a query parameter (as mentioned in the documentation). However, if I set
the DEFAULTQS, then I would have to hard code the value of "fr". Is my
understanding correct?
If this is the correct assumption, then is that the suggested way - to
direct the user always to the same landing page after SSO, or is the
expectation that there will be a custom idpsel page, which will do an
automatic submit of the form so that the user does not need to do anything?

Regards,
Karthik


On Thu, Nov 21, 2013 at 5:29 PM, <sampo@xxxxxxxxx> wrote:

> Karthik Sudarshan <ksudarshan@xxxxxxxxxx> said:
> > Hi all,
> >     I have downloaded the latest version of zxid (1.16) and compiled
>
> Rest of the list: sorry folks, I did not announce it, but there is a
> new release available :-)
>
> There will be another before Christmas.
>
> > against Apache 2.2  on Ubuntu to get the mod_auth_saml.so. I have
> > registered an IDP in my COT using the zxcot utility. I can see that in my
> > dropdown list on the IDP selection page as well.
> >
> > I want to be able to bypass the IDP selection page and directly go to the
> > IDP login page. For that I used the DEFAULTQS configuration option and it
> > does not seem to work.
> >
> > My option in the apache conf file for the <Location> is  as below:
> >
> > DEFAULTQS=10https://<hostname>/<path>/metadata.xml
>
> The correct syntax is the query string syntax as if a form
> had been submitted. Try the following
>
> DEFAULTQS=l0https://<host>/<path>/idp.xml=1%26fp=1
>
> Please note
>
> 1. The l0... stuff must end with "=1"
>
> 2. If there are any other fields you would like to pass, you need
>    to include them in the query string, but you need to URI escape
>    characters, such as ampersand ("&") with %26 (percent 26).
>
> 3. One other field in particular that you may want to pass is
>    fr (aka RelayState) which will control the redirection
>    after SSO if you have configured REDIR_TO_CONTENT=1
>
> Cheers,
> --Sampo
>
> > I tried to give this in the zxid.conf file as well, and that didn't work
> > either.
> >
> > Can someone please suggest how to set this configuration correctly?
> >
> > Regards,
> > Karthik

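The DEFAULTQS rules given in the quoted reply (prefix `l0`, IdP field ending in `=1`, further fields separated by `%26`), as an added example that is not part of either message and is not zxid code. The function names and the `idp.example.test` host are assumptions made for illustration; the linter checks only the three points stated in the thread, including the `10` versus `l0` slip.

```python
"""Build and lint a zxid DEFAULTQS value using only the rules stated in this thread."""

SEP = "%26"  # URI-escaped "&" between fields, as the reply describes


def build_defaultqs(idp_entity_id, extra_fields=()):
    """Return 'l0<entity id>=1' followed by name=value fields joined with %26."""
    parts = ["l0" + idp_entity_id + "=1"]
    for name, value in extra_fields:
        # Assumption: values are already safe; a raw "&" would split the field.
        if "&" in name or "&" in value:
            raise ValueError("raw '&' in field %r; escape it first" % name)
        parts.append(name + "=" + value)
    return SEP.join(parts)


def lint_defaultqs(value):
    """Return a list of problems in a DEFAULTQS value (empty list means none found)."""
    problems = []
    if "&" in value:
        problems.append("raw '&' found; write it as %26")
    first = value.split(SEP)[0]  # the IdP selection field
    if first.startswith("10"):
        problems.append("starts with digits '10'; the prefix is lowercase L + zero")
    elif not first.startswith("l0"):
        problems.append("IdP field does not start with 'l0'")
    if not first.endswith("=1"):
        problems.append("IdP field must end with '=1'")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the host name is a placeholder.
    good = build_defaultqs("https://idp.example.test/idp.xml", [("fp", "1")])
    print("DEFAULTQS=" + good, lint_defaultqs(good))
    bad = "10https://idp.example.test/metadata.xml"
    print("DEFAULTQS=" + bad, lint_defaultqs(bad))
```
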