Forum Discussion
Rabbit23_116296
Nimbostratus
Jun 25, 2014Thanks for posting Kevin. The way Workday developed the SP initiated deep linking was to use a parameter called done. This if captured in the querystring can be appended to body and not the samlresponse as i see from the example. So assuming that's the case then the signed SAMLresponse should then not be modified in transit.
I see where you are going with the layered VIP, the only way I thought to change this was to modify the assertion consumer service URL to a local layered VS to be able to capture it, problem is the payload would then be incorrect and need deflated XML manipulation so it's not ideal.
I've pushed the vendors to spawn the necessary relaystate parameter to feed our IDP as I believe that is what it was designed for.