Skip to Content
0

How to use Custom Service Provider and not lose parent page context after logon

Apr 05, 2017 at 07:00 AM

97

avatar image
Former Member

Hello,

We are having a use case where in , on an action we would request the user to logon.

While doing so, after logging in the page refreshes and we will lose the action context.

Our Requirement

Action-> Login with SAML/ Basic Auth-> Retrigger the action automatically ( publish the event again )

Is there any mechanism where we give the user a logon overlay and he logs in but the page context is not lost?

I have saved the context information in session Storage but that does not seem to be a secure mechanism. Any suggestions with respect to setup of a custom Service Provider and saving the context information securely would be very much appreciated.

Thanks in advance,

Sharvari

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

avatar image
Former Member
Jun 21, 2017 at 03:37 PM
0

Dear Sharvari,

As I understand from the problem description NetWeaver AS Java is the service provider and you have a custom identity provider. Also it seems to me as a service provider initiated SSO.

In such a case the RelayState cookie should contain the application url where after the authentication is completed on the Identity provider side, the user is redirected to. For further details please check the below SAP Help Portal content:

https://help.sap.com/doc/ff4b68756c551014b39c8f8599a3b675/7.02.18/en-US/4ab4f0fe85376d61e10000000a42189c.html

So in case I understand the scenario correctly, the problem you describe should not occure.

I would recommend, to collect SAML 2.0 trace using the troubleshooting wizzard to check why the redirect does not work correctly.

Best regards,

Emoke

Share
10 |10000 characters needed characters left characters exceeded