URL redirection from ADFS server

Sam · Apr 26, 2012 · Viewed 23.1k times

I'm using ADFS for authentication in my ASP.NET web app. The STS server redirects the browser to https://test.contoso.com. STS doesn't allow any return URL parameter when redirecting the client to STS in the first place.

Would it be possible to redirect the browser from https://test.contoso.com (after redirection from STS) to any other URL, say https://variableName.test1.contoso2.com ?

Any help is much appreciated.

Answer

Andrew Lavers · Apr 27, 2012

Upon authentication, ADFS by default should redirect the user to the Relying Party Application realm. It sounds like this is what you have already but you want to be able to redirect to a different RP URL.

Let's suppose you have an RP, with the realm http://myrprealm.com configured in ADFS. The user browses to http://myrprealm.com/Contacts.aspx. The WIF FederatedAuthenticationModule (FAM) sees that the user is not authenticated, so it saves the relative URL "/Contacts.aspx" inside a Return URL parameter called ru. This ru gets packaged inside the WS-Federation Passive context parameter (wctx). The FAM then redirects the user to ADFS for authentication. ADFS will preserve the wctx parameter and echo it back to the RP (http://myrprealm.com) upon successful authentication. Now the FAM processes this ADFS response. When the FAM opens up the wctx, it notices that ru=/Contacts.aspx, so after establishing a session, it will redirect the user to Contacts.aspx.

If you incorporate WIF into your ASP.NET site using the SDK (Visual Studio > Add STS Reference), you will have this behavior by default.
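
Added example, not part of the answer above and not WIF's own code: because ru travels through the browser inside wctx, an RP that extends the redirect to other hosts, as the question asks, should validate it before use. The class name, the allow-listed host and the sample wctx strings (written in a key=value form assumed here) are constructed for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Web; // HttpUtility

public static class WctxReturnUrl
{
    // Assumption: hosts other than the RP itself that may receive the redirect.
    static readonly string[] AllowedHosts = { "app1.test1.contoso2.example" };

    // Returns a redirect target taken from wctx's ru value, or fallback
    // when ru is absent or fails validation.
    public static string Resolve(string wctx, string fallback)
    {
        if (string.IsNullOrEmpty(wctx)) return fallback;

        // wctx carries its own key=value list; ParseQueryString URL-decodes it.
        NameValueCollection ctx = HttpUtility.ParseQueryString(wctx);
        string ru = ctx["ru"];
        if (string.IsNullOrEmpty(ru)) return fallback;

        // Default WIF case: a path relative to the RP, e.g. /Contacts.aspx.
        if (IsLocalPath(ru)) return ru;

        // Cross-host case: absolute https URL whose host is on the allow-list.
        Uri target;
        if (Uri.TryCreate(ru, UriKind.Absolute, out target)
            && target.Scheme == Uri.UriSchemeHttps
            && Array.Exists(AllowedHosts, h =>
                   h.Equals(target.Host, StringComparison.OrdinalIgnoreCase)))
            return target.AbsoluteUri;

        return fallback;
    }

    // One leading slash only: "//host" and "/\host" are treated by browsers
    // as another origin, so they are not local.
    static bool IsLocalPath(string url)
    {
        if (url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url) if (char.IsControl(c)) return false;
        return true;
    }

    public static void Main()
    {
        // Constructed wctx samples: local path, protocol-relative URL, allow-listed host.
        string[] samples = { "rm=0&id=passive&ru=%2fContacts.aspx", "rm=0&id=passive&ru=%2f%2fother.example%2f", "rm=0&id=passive&ru=https%3a%2f%2fapp1.test1.contoso2.example%2fhome" };
        foreach (string s in samples) Console.WriteLine("{0} -> {1}", s, Resolve(s, "/"));
    }
}
```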