Azure ACS - Relying Party app - ReturnURL with parameters?

We are creating an application that uses ACS. Our usage scenario is as follows:

Unfortunately, it seems that the "Return URL" parameter in the "Relying Party" in the "Portal Service Control Portal" is a fixed string. Is there a way to spread the initial request to it? If not, what would you suggest as a workaround?

+6
3 answers

I believe the answer is no, and I would suggest using a cookie to store the parameter.

+3

The answer is actually yes, but not without a little work. In step 3, your return URL is overridden with the one you configured in ACS RP from the default ACS login page. This is the default ACS page where you select an identity provider. (You may not always see it in the browser, it will be redirected automatically if you have only one IDP configured.)

You can tell ACS to use a custom login page that you host on your own so that this original URL is saved. You can load the default ACS login page from the ACS port as something that could be disabled.

The hard part comes from the fact that different identity providers using different protocols use different mechanisms to keep this original URL.

Below are some additional examples and code examples that can be found here, and you can find further solutions to this problem elsewhere on the Internet:

How to return return URL again after loading login page from Azure ACS?

+4

If you want to provide "returnUrl" through your Microsoft ACS + account, you can request ACS login pages through IdentityProviders.js and pass a "context", for example: https://MyACS.accesscontrol.windows.net/v2/metadata/IdentityProviders.js?protocol=wsfederation&realm=MyRealm&reply_to=&context=foooobar&request_id=&version=1.0&callback=&wfresh=0

As a result, you get a login URL for the Microsoft account with the wctx parameter: https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=...&wp=MBI_FED_SSL&wctx=cHI9d3NmZWRlcmF0aW9uJnJtPXVybiUzYW9uZW9mZml4eCUzYWRldiUzYWRlZmF1bHQmY3g9Zm9vb29iYXI1 <- foobar.

After the registration process, your configured returnUrl is called with the wctx parameter (in my example, you will get "foobar").

0
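
The round trip described in the last answer, as an added example that is not part of the original posts: it decodes the wctx value quoted above to show where the context travels, then checks a returned context before it is used as a redirect target. `decodeWctx`, `safeReturnPath` and `APP_ORIGIN` are hypothetical names, and the pr/rm/cx field layout is only what this one sample decodes to.

```javascript
// Added example (Node.js); not code from the original answers.
// wctx value copied from the login.live.com URL quoted in the answer above.
const SAMPLE_WCTX =
  "cHI9d3NmZWRlcmF0aW9uJnJtPXVybiUzYW9uZW9mZml4eCUzYWRldiUzYWRlZmF1bHQmY3g9Zm9vb29iYXI1";

// Decode the base64 wctx into key/value fields. The field names (pr, rm, cx)
// are what this sample decodes to; treat the layout as observed, not documented.
function decodeWctx(wctx) {
  const text = Buffer.from(wctx, "base64").toString("utf8");
  return Object.fromEntries(new URLSearchParams(text));
}

// Placeholder origin of the relying party application (assumption).
const APP_ORIGIN = "https://app.example";

// Accept a round-tripped context as a return URL only if it is a local path.
// The value passes through the browser, so it is untrusted input.
function safeReturnPath(context, fallback = "/") {
  if (typeof context !== "string" || context.length === 0) return fallback;
  // Must start with exactly one "/" ("//host" and "/\host" leave the site).
  if (!/^\/(?![\/\\])/.test(context)) return fallback;
  // Reject backslashes and control characters anywhere in the value.
  if (/[\\\u0000-\u001f\u007f]/.test(context)) return fallback;
  let url;
  try {
    url = new URL(context, APP_ORIGIN);
  } catch {
    return fallback;
  }
  // After resolution the target must still be on the application's origin.
  if (url.origin !== APP_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

const fields = decodeWctx(SAMPLE_WCTX);
console.log(fields);                                  // decoded pr, rm and cx fields
console.log(safeReturnPath("/orders/42?tab=items"));  // local path is kept
console.log(safeReturnPath("//other.example/x"));     // replaced by the fallback
```

Because the context is visible to and editable by the user agent, treat it as a hint for where to send the user after sign-in, never as proof of where the request started.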

Source: https://habr.com/ru/post/921955/

