Dynamically Set SAML SSO Callback URL Based on Users' Organization

Problem statement

I am trying to use code like this to set the SAML2 callback URL on the login flow:

function setCallback(user, context, callback) {
  if (context.organization.name === 'Org_A') {
    context.samlConfiguration.callback = 'https://destination_A.com';
  } else {
    // Default redirect URL if no specific organization match
    context.samlConfiguration.callback = 'https://destination_B.com';
  }
  callback(null, user, context);
}

With the above code, I am getting an error, so there may be something missing or incorrect:
Error: access_denied, cannot set properties of undefined (setting callback)

Is this the correct method, or is there another way?


Unfortunately, it’s not possible to dynamically change where the SAML response is posted from a Rule. We’ll always POST the SAML response to the configured Application Callback URL regardless of how the destination is configured.

One solution to achieve this would be to configure a separate Application with its own SAML2 add-on configuration and make a second login request afterward to each application conditionally based on the org_id in the user’s ID token.
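
One way to choose the application for the second login request described above, as an added example that is not part of the original answer or Auth0's own code. It assumes the ID token claims were already signature-verified by the application's OIDC library and that the second request goes to the tenant's SAML endpoint for the chosen application (`/samlp/CLIENT_ID`); the tenant domain, organization ID and client IDs are constructed placeholders.

```javascript
// Added example. Every value in CONFIG is a constructed placeholder.
const CONFIG = {
  domain: 'tenant.example.auth0.com',          // placeholder tenant domain
  defaultClientId: 'CLIENT_ID_DESTINATION_B',  // app whose callback is destination B
  appsByOrg: new Map([                         // org_id -> SAML application client ID
    ['org_A_PLACEHOLDER', 'CLIENT_ID_DESTINATION_A'],
  ]),
};

// claims: ID token payload that the OIDC library has already signature-verified.
// nowSec is a parameter so the expiry check can be exercised with a fixed clock.
function samlLoginUrlForOrg(claims, config = CONFIG,
                            nowSec = Math.floor(Date.now() / 1000)) {
  if (!claims || claims.iss !== `https://${config.domain}/`) {
    throw new Error('ID token was not issued by the expected tenant');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    throw new Error('ID token is expired');
  }
  // org_id is absent when the user did not log in through an organization.
  const orgId = typeof claims.org_id === 'string' ? claims.org_id : null;
  // Only client IDs listed in the Map can be selected, so the token never
  // supplies the destination itself; unknown organizations get the default.
  const clientId = (orgId && config.appsByOrg.get(orgId)) || config.defaultClientId;
  return `https://${config.domain}/samlp/${encodeURIComponent(clientId)}`;
}
```

Because the SAML response is always posted to the selected application's configured callback URL, the mapping above is the only place where the destination is decided.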