Share via

AD FS 2.0 RelayState Generator

  • Article

Introduction

The ability to generate RelayState in AD FS 2.0 was added in Rollup 2.  To do this you must run through the following process.

  • URL Encode the relying party's identifier

  • URL Encode the RelayState to send

  • Take both values of both, and add them to this string:

    RPID=<URL encoded RPID>&RelayState=<URL encoded RelayState>

  • URL Encode the entire string

  • Take that value and add it to the end of this string:

    ?RelayState=

  • Take that value and add it to the end of the IDP Initiated Signon URL.

    Ex: *https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=***\<URL encoded string>

You can read more about the process here.  To simplify the process, an HTML file was created that uses JavaScript to generate the URL based on the following information

  • IDP URL String
  • Relying Party Identifier (RPID)
  • RelayState / Target Application

**
Download HTML file at CodePlex**

https://adfsrelaystate.codeplex.com/releases/view/93202

AD FS 2.0 Rollup 2

http://support.microsoft.com/kb/2681584

 

Supporting Identity Provider Initiated RelayState
**
**http://technet.microsoft.com/en-us/library/jj127245(WS.10).aspx