LoginToRP – Auto Select Relying Party
Posted by Brajesh Panda on January 11, 2013
For the last couple of weeks I have been working to integrate a few cloud-based applications with our corporate Active Directory using AD FS 2.0 and SAML Web SSO.
All of these cloud providers support only IdP-initiated SSO with AD FS. Before this integration we only had SharePoint integrated with our AD FS farm, so we had never been exposed to the IdP-initiated method and its procedures in our environment.
With IdP-initiated sign-on, the user has to visit https://<ADFS-Public-URL>/adfs/ls/idpinitiatedsignon.aspx, pick the relying party (RP) from a list, and sign in to reach the application. Even if you go to the service provider's application URLs directly, they redirect you to this URL. I was not impressed with the default relying party selection page: it needs some branding work before it can be released to end users, and on top of that some effort is needed to tell users about this selection step, because it is new to our environment.
While researching how to get rid of this, I found the "LoginToRP" parameter. With it we can build a special URL that forces the selection of one relying party. So instead of redirecting the application to the default IdP-initiated sign-on URL above, we redirect it to this new URL and avoid the manual selection from the drop-down list of relying parties.
Here is how the new URL looks:
https://<ADFS-Public-URL>/adfs/ls/idpinitiatedsignon.aspx?LoginToRP=RelyingPartyIdentifier
Instead of RelyingPartyIdentifier you type the identifier of that relying party. You can find it on the Identifiers tab of the relying party's properties in your AD FS farm. It can be a URL, a plain word, or a URN.
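Because the identifier is often itself a URL or URN, its reserved characters must be query-encoded when it is placed in the LoginToRP parameter. The helper below is an added example, not part of the original post: it builds the sign-on URL for each of the three identifier forms mentioned above and checks the value against a constructed list standing in for the identifiers configured in your farm (host name and identifiers are made-up sample values).

```python
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample: identifiers as shown on the Identifiers tab of the
# relying party trusts in an AD FS farm (a URL, a URN and a plain word).
CONFIGURED_RP_IDENTIFIERS = {
    "https://sp.example.com/saml/metadata",
    "urn:example:cloudapp",
    "Intranet",
}

SIGNON_PATH = "/adfs/ls/idpinitiatedsignon.aspx"


def build_login_to_rp_url(adfs_host: str, rp_identifier: str) -> str:
    """Return the IdP-initiated sign-on URL that pre-selects one relying party.

    urlencode() percent-encodes ':' and '/' so a URL or URN identifier
    survives as a single query value instead of being split by the browser.
    Raises ValueError for an identifier that is not configured, so a typo
    is caught here rather than as an AD FS error page for the end user.
    """
    if rp_identifier not in CONFIGURED_RP_IDENTIFIERS:
        raise ValueError(f"unknown relying party identifier: {rp_identifier!r}")
    query = urlencode({"LoginToRP": rp_identifier})
    return f"https://{adfs_host}{SIGNON_PATH}?{query}"


def login_to_rp_from_url(url: str) -> Optional[str]:
    """Decode the LoginToRP value from a sign-on URL, or None if absent."""
    values = parse_qs(urlsplit(url).query).get("LoginToRP")
    return values[0] if values else None


if __name__ == "__main__":
    for identifier in sorted(CONFIGURED_RP_IDENTIFIERS):
        url = build_login_to_rp_url("sts.example.com", identifier)
        print(url)
        # Round-trip check: the decoded value equals the original identifier.
        assert login_to_rp_from_url(url) == identifier
```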
Here is another way to do this, using RelayState: http://blogs.technet.com/b/askds/archive/2012/09/27/ad-fs-2-0-relaystate.aspx