Symantec Access Management

  • 1.  Dynamic RelayState in Siteminder

    Posted Mar 21, 2016 11:52 PM

    Hi All,

     

    How can we achieve a dynamic RelayState in Siteminder Federation (FRPS + Weblogic) in an IdP-initiated journey?

    Is there any way to define a dynamic RelayState in the reverse proxy entries? I know we can configure a static RelayState in the proxy entries:

    PathTrim "testrelaystate"

    PathPrepend  /affwebservices/public/saml2sso?SPID=test_spid&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&RelayState=   --> we can set the static RelayState here.

    I would like to know the configuration involved in a dynamic RelayState.

    We are trying to achieve this by passing the RelayState in the IdP URL itself as a query parameter, i.e. https://<frpsdns>/testrelaystate?RelayState=www.abc.com/one. Here the RelayState will change frequently, e.g. RelayState=www.abc.com/two, RelayState=www.abc.com/three...

    Is there any way to achieve a dynamic RelayState? Are there any documents to refer to?

     

    Kindly suggest your views.



  • 2.  Re: Dynamic RelayState in Siteminder

    Posted Apr 07, 2016 09:28 PM

    Can you elaborate a little more?



  • 3.  Re: Dynamic RelayState in Siteminder

    Broadcom Employee
    Posted Apr 08, 2016 10:00 AM

    If I understand the use case, this is often achieved through the use of an active page. The link to access the federated application takes the user to an active page that reads in whatever data is necessary to form the URL to begin federation, including the RelayState value. This will allow the RelayState value to be created dynamically.

    Sometimes the authentication URL (redirect.jsp by default) can be leveraged to dynamically create the RelayState value and append it to the URL after authentication.

    Please note that RelayState values must always be URL encoded to ensure the value is preserved through the series of redirects that may be involved in authenticating the user.

     

    -Pete
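The active-page logic described in the reply above, sketched in Python as an added example (not part of the original thread and not SiteMinder code): it reads the RelayState from the inbound link, checks the target host, and URL-encodes the value before appending it to the federation URL from the question. The host allowlist, the function names and the frps.example.com host used in the test input are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Path, SPID and binding are the values from the proxy rule in the question.
SSO_PATH = "/affwebservices/public/saml2sso"
SP_ID = "test_spid"
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Assumption: hosts the SP may be sent to after SSO (hypothetical allowlist).
ALLOWED_RELAY_HOSTS = {"www.abc.com"}


def relay_target_allowed(relay_state):
    """Accept only http(s) targets whose host is on the allowlist."""
    # The thread passes scheme-less values (www.abc.com/one); assume https.
    if relay_state.lower().startswith(("http://", "https://")):
        candidate = relay_state
    else:
        candidate = "https://" + relay_state
    parts = urlsplit(candidate)
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_RELAY_HOSTS


def build_federation_url(incoming_url):
    """Build the IdP-initiated SSO URL from the link the user followed."""
    query = parse_qs(urlsplit(incoming_url).query)
    values = query.get("RelayState", [])
    if len(values) != 1:
        raise ValueError("expected exactly one RelayState parameter")
    relay_state = values[0]  # parse_qs has already decoded it once
    if not relay_target_allowed(relay_state):
        raise ValueError("RelayState target is not on the allowlist")
    # safe="" encodes '/', '?', '&' and '=' so a RelayState that carries its
    # own query string is not split into separate parameters on redirect.
    encoded = quote(relay_state, safe="")
    return (f"{SSO_PATH}?SPID={SP_ID}&ProtocolBinding={BINDING}"
            f"&RelayState={encoded}")


if __name__ == "__main__":
    # Constructed sample link; the RelayState itself contains '?' and '&'.
    link = ("https://frps.example.com/testrelaystate"
            "?RelayState=www.abc.com%2Fone%3Fid%3D7%26lang%3Den")
    print(build_federation_url(link))
```

Without the encoding step, the `&lang=en` part of the sample RelayState would be parsed as a separate parameter of the saml2sso request and lost from the value passed to the SP.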