Page tree
Skip to end of metadata
Go to start of metadata

The SessionRelayService enables IDP initiated SSO to applications integrated using SAML2 with a URL at the Ubisecure SSO server. This is also known as unsolicited SSO.

Step-by-step guide

  1. Unsolicited SSO can be done by sending SAML response message to address:

Text marked with red must be updated accordingly:

-entityID has to be application agents entityID from Ubilogin management UI

-RelayState is relative address on target application server where browser is redirected(so called deep linking)

-locale is users used language

Other optional parameters include:

  • isPassive true/false (optional, default false)
  • forceAuthn true/false (optional, default false)
  • oneTimeUse true/false (optional, default false)
  • template - SSO UI template to be used