Hi, Can you provide more information. What are you attempting to do with that parameter? Why to you want to redirect to **Gluu** login page with a parameter? Please be more specific so that we can help.

Thanks Thomas for replying and apologies for been vague. This token will be generated by SP which will used to identify some condition and context.For things like: - Putting contextual message on login screen - To post/get data from/to the SP. For example to implement remember-me use case, we plan to store this token in cookie and on page load this token will be used to fetch user data from SP and then do auto-submit. Thanks

Depends what version you are using. In version 3.1.1 I think it's supported. I know it will be supported in version 3.1.2 As a workaround, you can send a JSON object as the state param. For example: ``` state={"salt":"abc123", "param1":"spam", "param2":"eggs"} ``` It's important to have a random salt value, so the state param is not static or guessable. You can pick up the state param in a custom authentication script, like the [Passport authn script](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/passport/PassportExternalAuthenticator.py) ``` identity = CdiUtil.bean(Identity) sessionId = identity.getSessionId() sessionAttribute = sessionId.getSessionAttributes() print "session %s" % sessionAttribute oldState = sessionAttribute.get("state") ```

Thanks Michael. Quick question - how do I set the state param? The state is passed to Gluu as a query parameter. Is it that any query parameter added to Gluu login url gets added to sessionAttribute? Is yes, then I should be able to get the value like this: ``` <h:outputLabel styleClass="control-label" value="#{identity.sessionId.sessionAttributes['state']}" /> ```

Hi Ved, Here is a simple request: https://gluu.gasmyr.com/oxauth/restv1/authorize?response_type=code&scope=openid%20profile%20email&client_id=%40!29D2.E032.E092.C475!0001!D895.0D17!0008!2123.2050.07CF.A7E4&state=8UwGdSPw1fpIPnAdpP38Vq61Z08&redirect_uri=https%3A%2F%2Foic.gasmyr.com%2Fcallback&nonce=EItbfI0bCJls96OWSdk0m28bOSTQAWtMP93tJCRQLls As you can see there is a parameter named **state** in that request. As Michael states **you can send that state parameter as a JSON object**. Changing state parameter to JSON object allow to you to add one or more custom parameters as json field and use **custom authentication script** to retrieve theses values on Gluu server side. This mean that custom authentication knows about the state parameter and all you have to do is get that parameter and retrieve the fields you have added. Thanks!