Dynamic Relaystate

Document ID : KB000103226
Last Modified Date : 29/06/2018
Issue:
Protecting Federation Services with CA Access Gateway (SPS), when I
try to pass the relay state value to the backend Federation Services,
the value I wish to pass gets all the query parameters, including
the leading ? mark. I'd like to know how to achieve this.

I've configured the rule this way:

 <nete:cond type="uri" criteria="beginswith">
   <nete:case value="/myapp.html?">
     <nete:forward>http://idp.myidpdomain.com/affwebservices/public/saml2sso?SPID=sp.myspdomain&amp;ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&amp;Relaystate=$1</nete:forward>
   </nete:case>
 </nete:cond>

and when I access the following URL:

https://idp.myidpdomain.com/myapp.html?<RelaystateURL>

then the RelayState value looks like this:

   RelayState = ?https://sp.myspdomain.com/saml/login/geyYSb5/Q1TH1b8zgwxa

I want to have the leading "?" removed.
 
Resolution:
Configure the rule with a regular-expression condition (nete:xprcond),
as shown here, so that only the text after the leading ? character is
captured and passed as RelayState.

  <nete:case value="/myapp.html">
    <nete:xprcond>
      <nete:xpr>
        <nete:rule>^/myapp.html\?(.*)</nete:rule>
        <nete:result>http://idp.myidpdomain.com/affwebservices/public/saml2sso?SPID=sp.myspdomain&amp;ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&amp;RelayState=$1</nete:result>
      </nete:xpr>
      <nete:xpr-default>
        <nete:forward>http://idp.myidpdomain.com/affwebservices/public/saml2sso?SPID=sp.myspdomain&amp;ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</nete:forward>
      </nete:xpr-default>
    </nete:xprcond>
  </nete:case>
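
As an added example (not part of the original article and not CA's code), this Python sketch models the regex rule above offline and shows which RelayState the backend ends up with for several constructed request URIs. Assumptions: Python's re stands in for the gateway's regex engine, $1 is substituted verbatim, the backend splits the query string the way urllib.parse does, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Rule and result copied from the nete:xpr element above (XML-unescaped).
RULE = r"^/myapp.html\?(.*)"
RESULT = ("http://idp.myidpdomain.com/affwebservices/public/saml2sso"
          "?SPID=sp.myspdomain"
          "&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          "&RelayState=$1")
# nete:xpr-default target: the same URL without the RelayState parameter.
DEFAULT = RESULT[:RESULT.index("&RelayState=")]


def forward_target(request_uri):
    """Hypothetical model of nete:xprcond: use nete:result when the
    nete:rule regex matches, otherwise the nete:xpr-default forward.
    Assumption: $1 is replaced verbatim by the first capture group."""
    match = re.match(RULE, request_uri)
    if match is None:
        return DEFAULT
    return RESULT.replace("$1", match.group(1))


def backend_params(request_uri):
    """Query parameters of the forwarded URL, split on & and = as a
    standard query-string parser does (assumed backend behaviour)."""
    query = urlsplit(forward_target(request_uri)).query
    parsed = parse_qs(query, keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


# Constructed request URIs; the first is the one from the article.
SAMPLES = [
    "/myapp.html?https://sp.myspdomain.com/saml/login/geyYSb5/Q1TH1b8zgwxa",
    "/myapp.html",                      # no query: default forward
    "/myapp.html?",                     # empty query: empty RelayState
    # Relay URL with its own query: the unencoded & ends RelayState early.
    "/myapp.html?https://sp.myspdomain.com/app?a=1&b=2",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "->", backend_params(uri).get("RelayState"))
```

In the last sample everything after the unencoded & reaches the backend as a separate parameter, so a relay URL that carries its own query string needs to be percent-encoded before it is appended to /myapp.html?.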