OIF IdP Does Not Return RelayState Sent By Service Provider

(Doc ID 1607177.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version 10.1.4 and later
Information in this document applies to any platform.

Symptoms

RelayState is lost by OIF IdP for SP-initiated SSO.

Oracle Identity Federation (OIF) has been configured as Identity Provider (IdP) with a 3rd party Service Provider (SP).

When a protected SP application page is accessed SP-initiated SSO is triggered and the user is redirected to the OIF IdP for login, but after login one of the following occurs:

Either a) The SP product generates an error because a RelayState parameter was not received from the OIF IdP

Or b) The user is redirected back to the default SP application homepage instead of the originally requested page.

The HTTP Header trace shows that OIF receives a RelayState parameter with the SAML Request from the SP but does not return one to the SP with the assertion / SAML Response after login.

Steps to reproduce

1. Access https://app.SPdomain.com/pages/specificpage in SP domain.
2. The OIF IdP login page is displayed.
3. Submit valid IdP domain credentials.
4. Either an SP domain SAML Error page is displayed or the user is redirected back to the default application home page instead of https://app.SPdomain.com/pages/specificpage


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms