Dynamically Set SAML SSO Callback URL Based on Users' Organization

rueben.tiow · August 4, 2023, 9:27pm

Problem statement

I am trying to use code like this to set the SAML2 callback URL on the login flow:

function setCallback(user, context, callback){
  if (context.organization.name === 'Org_A') {
    context.samlConfiguration.callback = 'https://destination_A.com';
  } else {
  // Default redirect URL if no specific organization match
    context.samlConfiguration.callback = 'https://destination_B.com';
  }
  callback(null, user, context);
}

With the above code, I am getting an error, so there may be something missing or incorrect:
Error: access_denied, cannot set properties of undefined (setting callback)

Is this the correct method, or is there another way?

Solution

Unfortunately, It’s not possible to dynamically change where the SAML response is posted from a Rule. We’ll always POST the SAML response to the configured Application Callback URL regardless of how the destination is configured.

One solution to achieve this would be to configure a separate Application with its own SAML2 add-on configuration and make a second login request afterward to each application conditionally based on the org_id in the user’s ID token.

Topic		Replies	Views
Configure SAML callback URL Help connections , saml-enterprise-connection	8	1076	April 2, 2024
Callback URL Different from http://{your_domain}/callback Help connections , oidc-enterprise-connection	1	599	January 4, 2024
How to override the callback url on the SAML2 Web App addon Help saml	4	5925	February 6, 2019
Rules not rewriting Application Callback URL Help	2	3522	December 8, 2018
Error from Rule on Unused Object Knowledge Articles	1	301	January 29, 2024

Dynamically Set SAML SSO Callback URL Based on Users' Organization

Problem statement

Solution

Related topics