TechOnTip Weblog

Run book for Technocrats

LoginToRP – Auto Select Relaying Party

Posted by Brajesh Panda on January 11, 2013

For the last couple of weeks I have been working on integrating a few cloud-based applications with our corporate Active Directory using AD FS 2.0 and SAML Web SSO.

All of these cloud providers support only IdP-initiated SSO with AD FS. Before this integration, SharePoint was the only application integrated with our AD FS farm, so we had never been exposed to the IdP-initiated method in our environment.

With IdP-initiated sign-on, the user has to visit https://<ADFS-Public-URL>/adfs/ls/idpinitiatedsignon.aspx, pick the relying party from a list, and sign in to access the application. Even if you go to the service provider’s application URL directly, it redirects you to this page. I was not impressed with the default relying party selection page: it needs some branding work before it can be released to end users, and users would also have to be told about this selection step, because it is new to our environment.

While researching how to get rid of this, I found the LoginToRP parameter. Using it we can build a special URL that forcibly selects a relying party. So if we redirect the application to this new URL instead of the default IdP-initiated sign-on URL above, we avoid the manual selection from the relying party drop-down list.

Here is what the new URL looks like:

https://<ADFS-Public-URL>/adfs/ls/idpinitiatedsignon.aspx?LoginToRP=RelyingPartyIdentifier

In place of RelyingPartyIdentifier, type the identifier of that relying party. You can find it on the Identifiers tab of the relying party trust’s properties in your AD FS farm. It can be a URL, a plain word, or a URN.
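As an added example (not code from the original post), this PowerShell snippet uses the AD FS 2.0 snap-in to list every relying party trust with its identifiers and build the matching LoginToRP URL for each; the host name adfs.example.com is a placeholder for your own federation service name.

```powershell
# Added example, not from the original post. Assumes it runs on an AD FS 2.0
# federation server where the Microsoft.Adfs.PowerShell snap-in is installed.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Get-LoginToRPUrl {
    param(
        [Parameter(Mandatory = $true)][string]$AdfsPublicHost,
        [Parameter(Mandatory = $true)][string]$RelyingPartyIdentifier
    )
    # The identifier is copied verbatim from the trust's Identifiers tab. URN and
    # URL identifiers contain ':' and '/', so percent-encode the query value
    # rather than pasting it raw into the URL.
    $encoded = [System.Uri]::EscapeDataString($RelyingPartyIdentifier)
    return "https://$AdfsPublicHost/adfs/ls/idpinitiatedsignon.aspx?LoginToRP=$encoded"
}

# Placeholder: replace with the public AD FS host name users reach.
$adfsHost = 'adfs.example.com'

# A relying party trust may carry several identifiers; list each one with the
# URL it produces so the right one can be picked for the application redirect.
Get-ADFSRelyingPartyTrust | ForEach-Object {
    $trust = $_
    foreach ($id in $trust.Identifier) {
        New-Object PSObject -Property @{
            RelyingParty = $trust.Name
            Identifier   = $id
            LoginToRPUrl = Get-LoginToRPUrl -AdfsPublicHost $adfsHost -RelyingPartyIdentifier $id
        }
    }
} | Format-Table RelyingParty, Identifier, LoginToRPUrl -AutoSize
```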


Here is another way to do this: http://blogs.technet.com/b/askds/archive/2012/09/27/ad-fs-2-0-relaystate.aspx


2 Responses to “LoginToRP – Auto Select Relaying Party”

  1. matthew said

    Nice article. Typo: change relaying party to relying party.

  2. Kevin said

    So the “Relying party identifiers” should be the new, LoginToRP string? ex: https:// https:///adfs/ls/idpinitiatedsignon.aspx?LoginToRP=RelayingPartyIdentifier
