Manipulate Response Going to IDP with Site

Certified Lead Developer

Hello Appian Community,

We are facing an interesting issue with SAML SSO where we are trying to return the Site the user is trying to access in the IdP response.

The reason for this is we have an application with two sites in Appian. Based on user permissions, they might have access to one or both sites.

In the scenario where they have access to two sites, we want them to navigate to the site they click. The issue is that Appian can only have one IdP per entityId specified in the metadata, so when the response is returned to the IdP, they aren't sure which site the user wants to access.

Our hopeful solution is to have Appian return, in the response to the IdP, the site the user is trying to access so the IdP can redirect. Is there any possible Appian solution to edit the IdP response?

Thank You,

Kevin

  • 0
    Certified Lead Developer

    To clarify here.

    The goal here is to see whether or not we can include additional properties (i.e. site requested) on the SAML Auth request from Appian that would allow the IdP to better handle generating the claims. As of now, we use “InResponseTo” which has been beneficial for redirecting to the correct Appian site. The issue is knowing which site the user is requesting when the SP request reaches the IdP.

    So the question is whether we can alter the “Appian’s SP request” rather than the “IdP Response” so we could potentially include the site requested.
