Identity-agent-sso is an implementation of all the details discussed above, and it can be used to build SSO-enabled web applications. Travelocity is a sample SSO-enabled web app that is implemented based on Identity-agent-sso.
The RelayState parameter is used so that the service provider can pass some value to the identity provider with the AuthnRequest and get the same value back with the Response. This value can be any string and can be useful for service provider application logic (for example, when there is a failure, redirecting to the URL that comes as the RelayState parameter is one way that this can be used).
- For an inbound request to the Identity Server, if the RelayState parameter is present, the Identity Server sends back the same value in the response.
- For federation using SAML2, the Identity Server uses the RelayState parameter to pass the session index, which is required to continue the authentication flow after receiving the authentication response.
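The RelayState round trip described above, seen from the service provider's side, as an added example that is not part of the original page or of Identity-agent-sso. It sends an opaque value with the AuthnRequest and resolves the echoed value to a local return path instead of redirecting to whatever string comes back. The class and method names are hypothetical, the sample paths are constructed, and the 80-byte limit is the one set by the SAML 2.0 bindings specification.

```python
import secrets
from urllib.parse import urlsplit

MAX_RELAY_STATE_BYTES = 80  # limit from the SAML 2.0 bindings specification


class RelayStateStore:
    """Hypothetical per-session map: opaque RelayState value -> local return path."""

    def __init__(self, default_path="/"):
        self.default_path = default_path
        self._pending = {}

    def issue(self, return_path):
        """Create the RelayState value to send along with the AuthnRequest."""
        if not self._is_local_path(return_path):
            return_path = self.default_path
        value = secrets.token_urlsafe(32)  # 43 characters, well under the limit
        self._pending[value] = return_path
        return value

    def redeem(self, echoed):
        """Resolve the RelayState echoed back with the Response (single use)."""
        if not echoed or len(echoed.encode("utf-8", "replace")) > MAX_RELAY_STATE_BYTES:
            return self.default_path
        # Unknown, replayed or tampered values fall back to the default path.
        return self._pending.pop(echoed, self.default_path)

    @staticmethod
    def _is_local_path(path):
        """Accept only same-site absolute paths such as /bookings?id=7."""
        parts = urlsplit(path)
        return (not parts.scheme and not parts.netloc
                and path.startswith("/") and not path.startswith("//")
                and "\\" not in path)


if __name__ == "__main__":
    store = RelayStateStore(default_path="/home")
    relay_state = store.issue("/bookings?id=7")    # sent with the AuthnRequest
    print(store.redeem(relay_state))               # echoed value -> /bookings?id=7
    print(store.redeem("https://other.example/"))  # never issued -> /home
```
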
Identity provider initiated SSO