Can anyone tell me how to pass RelayState for an IDP initiated SSO connection? We have the SSO working but would like to deep link to a page within the service provider's application. They have instructed us on the RelayState to pass but I can't figure out how to format the URL for Okta. We are using the app embedded link and would like to append RelayState to the query string.
To start IdP initiated SAML with Okta you need to use the IdP SSO URL with ?RelayState= appended to the URL, not the app embed URL.
You can find the IdP SSO URL by clicking "View Setup Instructions" on the Sign On tab for the application in the admin console.
An example (don't forget to URL encode the query string): https://thomas-kirk.oktapreview.com/app/salesforce/kqk5e18ZGRXWPQXOCNBQ/sso/saml?RelayState=%2F_ui%2Fcore%2Fchatter%2Fui%2FChatterPage
For IdP initiated SSO (where you login to IdP first, then access SP), you can modify the RelayState under General SAML settings, like:
Note the app embed URL is for IdP initiated SSO only; it shouldn't be used for SP initiated SSO as its IdP SSO URL.
When a user accesses the SP directly (without logging in to the IdP first), it starts an SP initiated SSO. That's where you can append the ?RelayState=your_deep_link to the IdP SSO URL, so that after you log in on the IdP, it returns the deep link back to the SP for you to redirect to.
And like @Thomas Kirk said, "you can find the IdP SSO URL by clicking 'View Setup Instructions' on the Sign On tab for the application in the admin console."
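The URL construction both answers describe, as an added example that is not part of the original posts: it appends a percent-encoded RelayState to the IdP SSO URL so that a deep link carrying its own query string stays a single parameter. The function names `with_relay_state` and `relay_state_of` and the `sp.example.com` deep link are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit


def with_relay_state(idp_sso_url: str, relay_state: str) -> str:
    """Return idp_sso_url with RelayState set to relay_state.

    Pass the raw (not yet encoded) deep link; it is percent-encoded
    exactly once here.
    """
    parts = urlsplit(idp_sso_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("IdP SSO URL must be an absolute https URL")

    # Keep other query parameters, but drop any RelayState already present
    # so the parameter is never sent twice.
    query = [
        (key, value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
        if key != "RelayState"
    ]
    query.append(("RelayState", relay_state))

    # safe="" forces "/" to %2F, and "?", "&", "=" inside the deep link are
    # encoded too, so they cannot split the outer query string.
    encoded = urlencode(query, quote_via=quote, safe="")
    return urlunsplit((parts.scheme, parts.netloc, parts.path, encoded, ""))


def relay_state_of(url: str):
    """Decode the RelayState a receiver would see for this URL."""
    return dict(parse_qsl(urlsplit(url).query)).get("RelayState")


if __name__ == "__main__":
    # IdP SSO URL taken from the example in the answer above.
    base = ("https://thomas-kirk.oktapreview.com/app/salesforce/"
            "kqk5e18ZGRXWPQXOCNBQ/sso/saml")
    print(with_relay_state(base, "/_ui/core/chatter/ui/ChatterPage"))
    # Constructed deep link with its own query string.
    print(with_relay_state(base, "https://sp.example.com/reports?id=7&tab=2"))
```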