ADFS RelayState for IDP Initiated Signon
ADFS RelayState Overview
- ADFS RelayState allows for direct links to specific resources, such as a Lynda.com video.
- ADFS RelayState is not enabled by default.
Enable ADFS RelayState
- For ADFS 2.x, open the following file in Notepad:
%systemroot%\inetpub\adfs\ls\web.config
- For ADFS 3.0, open the following file in Notepad:
%systemroot%\ADFS\Microsoft.IdentityServer.Servicehost.exe.config
- In the microsoft.identityServer.web section, add a line for useRelayStateForIdpInitiatedSignOn as follows, and save the change:
<microsoft.identityServer.web>
...
<useRelayStateForIdpInitiatedSignOn enabled="true" />
...
</microsoft.identityServer.web>
- For ADFS 2.0, run IISReset to restart IIS.
- For both platforms, restart the Active Directory Federation Services (adfssrv) service.
- If you’re using ADFS 3.0, you only need to make the above change on your ADFS 3.0 server(s), not on the WAP servers.
ADFS RelayState URLs
- There are three parts to these URLs:
- IDP URL String: This is the standard URL used to access your AD FS authentication page.
- Relying Party Identifier: This is the identifier found in AD FS for this site, under ADFS -> Trust Relationships -> Relying Party Trusts -> site -> Identifiers tab.
- RelayState: This is the URL for the final destination.
- These URLs must be URL-encoded.
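The three parts above combine as follows. This is an added example, not the code of the generator linked below: it applies the two-pass URL encoding AD FS expects for an IdP-initiated RelayState, and decodes a finished link so the relying party and final destination can be reviewed before the link is published. The host names, identifier and destination are constructed sample values, and the function names and the host allowlist check are assumptions made for this illustration.

```javascript
// Added example. All hosts, identifiers and paths below are constructed samples.

// Build the link from the IDP URL string, relying party identifier and destination.
function buildRelayStateUrl(idpUrl, rpIdentifier, destination) {
  // Pass 1: encode each value on its own, then join them.
  const inner = "RPID=" + encodeURIComponent(rpIdentifier) +
                "&RelayState=" + encodeURIComponent(destination);
  // Pass 2: encode the joined string so it travels as a single parameter.
  return idpUrl + "?RelayState=" + encodeURIComponent(inner);
}

// Undo both passes and return the two values the link carries.
function parseRelayStateUrl(link) {
  const outer = new URL(link).searchParams.get("RelayState"); // undoes pass 2
  if (outer === null) throw new Error("no RelayState parameter");
  const inner = new URLSearchParams(outer);                   // undoes pass 1
  const rpIdentifier = inner.get("RPID");
  const destination = inner.get("RelayState");
  if (!rpIdentifier || !destination) {
    throw new Error("RPID or RelayState missing; link was probably encoded only once");
  }
  return { rpIdentifier, destination };
}

// Review check (an assumption of this example): the final destination must be
// HTTPS and on a host you expect for that relying party.
function isExpectedDestination(link, allowedHosts) {
  const dest = new URL(parseRelayStateUrl(link).destination);
  return dest.protocol === "https:" && allowedHosts.includes(dest.hostname);
}

// Constructed sample values.
const SAMPLE_IDP = "https://adfs.example.com/adfs/ls/idpinitiatedsignon.aspx";
const SAMPLE_RPID = "https://rp.example.com/sp";
const SAMPLE_DEST = "https://rp.example.com/courses/1?org=example.com&x=1";

const sampleLink = buildRelayStateUrl(SAMPLE_IDP, SAMPLE_RPID, SAMPLE_DEST);
console.log(sampleLink);
console.log(parseRelayStateUrl(sampleLink));
console.log(isExpectedDestination(sampleLink, ["rp.example.com"]));
```

A query string in the destination, such as the `?org=` suffix on the sample, has to be part of the destination before the first encoding pass, otherwise AD FS reads it as a parameter of its own sign-on page.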
RelayState URL Generator
https://itdocs.housingservices.com/documents/GenerateRelayState.html
Miscellaneous Notes
- Lynda.com links must have the following appended to the end of the basic URL before encoding. (e.g. http://www.lynda.com/Business-Skills-tutorials/Onboarding-New-Hires/165496-2.html?org=housingservices.com?org=housingservices.com)