Federation Manager Guide › Federation Partnerships › Application Integration › Redirecting a User to the Target Application

Redirecting a User to the Target Application

The Target Application group box in the Application Integration step lets you define how a user gets redirected from Federation Manager to the target application. There are several methods from which to choose. The redirection method you select depends on the type of data you want to pass along with the user to the target application.

To configure the redirection method

1. Navigate to the Application Integration step in the Partnership wizard.
2. Select a redirection method for the Redirect Mode field.
   • If you select Cookie Data, you can URL-encode attribute data in the cookie by selecting the URL Encode Attribute Cookie Data check box.
   • If you select open format cookie as the mode, there are additional settings you must configure, such as the name of the cookie, the algorithm that encrypts the cookie along with the encryption password. Optionally, you can enable an HMAC function to verify the integrity of the cookie.

     If the relying party receives an assertion with multiple attribute values, Federation Manager passes all values to the target application in the cookie.

   • If you select one of the FIPS-compatible algorithms (AES algorithms), you are required to use a Federation Manager SDK to consume the open format cookie. If you use the .NET SDK, you are required to use the AES128/CBC/PKCS5Padding encryption algorithm.
   • If you configured Federation Manager in proxy mode and you select HTTP Headers as the redirect mode, Federation Manager can deliver multiple attribute values in a single header by separating each value with a comma.

   Note: Click Help for a description of fields, controls, and their respective requirements.

3. Enter the URL of the target application in the Target field.

   If you select Relay state overrides target, Federation Manager ignores the value in the Target field and uses the target in the Relay State query parameter, which can be part of the request to initiate single sign-on at the asserting or relying party.

Setting up redirection to the target is complete.