Browser Redirect Behavior

I have a third party IdP which is going to communicate via SAML with my SP, a ReactJS Single Page App. Auth0 is going to receive the SAML request from the IdP and has been configured to forward it to the SP via OpenID. Here is what is happening in our proof of concept:

User logs in to the IdP
User clicks on a link in a dashboard to access the SP, which is actually a link to Auth0
First the browser navigates to this url (which is correct):

https://My-URL-In-Auth0-AllowCallbackURL/profile#access_token=XXXXXXXXXX&scope=openid&expires_in=7200&token_type=Bearer&id_token=XXXXXXXXXX

and immediately, the browser then tries to navigate to this url:

https://My-URL-In-Auth0-AllowCallbackURL/?code=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXX&state=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

and then it lands on:
https://My-URL-In-Auth0-AllowCallbackURL/profile

Since the 3rd url does not have the access token, the SPA displays the login screen.

At this point, if the page is refreshed (F5), the profile page for the requested account is shown as expected.

This behavior occurs only on the first login. It loads the profile page normally on subsequent attempts on Chrome, Edge and Opera browsers. For some reason, Firefox and Brave browsers land on the login page all the time. If the first url (shown above) is placed in the address bar of these browsers, it shows the page correctly.

I have already read the following articles:

Configure Silent Authentication - this article suggests adding prompt=none, which I added to:
SP Tenant | Authentication | Enterprise | SAML | MyConnection | IdP-Initiated SSO | Query String
as:
response_type=token id_token&prompt=none

but this did not have any impact.

Is there a setting in Auth0 that can impact this behavior? Or is this something that needs to be captured by the SPA?

Any assistance would be appreciated, thank you very much!
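
The three URLs in the question carry different kinds of OAuth/OIDC response. As an added example (not code from this thread or from Auth0; the host `spa.example.test`, the parameter values and both function names are constructed), this classifies each step of such a redirect chain by parameter name only, so token values never reach a log:

```javascript
// Classify a callback URL by the OAuth/OIDC response it carries.
// Only parameter NAMES are returned, never values, so the result is safe to log.
function classifyCallback(href) {
  const url = new URL(href);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const query = new URLSearchParams(url.search);
  const base = { path: url.pathname };

  // Tokens in the fragment: the browser does not send this part to the server,
  // and a later navigation to a URL without it leaves nothing to read.
  if (fragment.has("access_token") || fragment.has("id_token")) {
    return { ...base, kind: "implicit-fragment", params: [...fragment.keys()] };
  }
  // Error responses (for example login_required when prompt=none is used).
  const error = fragment.get("error") ?? query.get("error");
  if (error) {
    return { ...base, kind: "error", error, params: [] };
  }
  // Authorization-code response: code and state arrive in the query string.
  if (query.has("code") && query.has("state")) {
    return { ...base, kind: "authorization-code", params: [...query.keys()] };
  }
  return { ...base, kind: "no-credentials", params: [] };
}

// Summarize a whole redirect chain and report whether the URL the app finally
// renders still carries anything it could authenticate with.
function summarizeChain(hrefs) {
  const steps = hrefs.map(classifyCallback);
  const last = steps[steps.length - 1];
  const finalHasCredentials =
    last.kind === "implicit-fragment" || last.kind === "authorization-code";
  return { steps, finalHasCredentials };
}

// Constructed chain with the same shape as the three URLs in the question.
const sampleChain = [
  "https://spa.example.test/profile#access_token=AT&scope=openid&expires_in=7200&token_type=Bearer&id_token=IDT",
  "https://spa.example.test/?code=C0DE&state=STATE",
  "https://spa.example.test/profile",
];

console.log(JSON.stringify(summarizeChain(sampleChain), null, 2));
```
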

Hi @rbn,

It sounds like you are using a Configure SAML Identity Provider-Initiated Single Sign-On flow. Did you go through that doc to set up your connections and application for IdP initiated SSO?
