{
  "audience": "https://billing.zohosecure.com/accounts/csamlresponse/10012345677",
  "recipient": "https://billing.zohosecure.com/accounts/csamlresponse/10012345677",
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "relayState": "aHC9kYWF4dGVfjhfkjhfjkhdjkfhfR5lsdjT45pvaG9Cb29rcwR0cHM6Ly9iaWxsaW5nLnpvaG9zZWN1cmUuY29tL3BvcnRhb=="
  },
  "signResponse": true,
  "destination": "https://billing.zohosecure.com/accounts/csamlresponse/10012345677",
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
Welcome to the Auth0 Community!
Hopefully my understanding of your use case is correct. In cases of IdP-Initiated SSO where Auth0 is the IdP, you need to navigate the user to the URL from the SAML2 Web App Addon → Usage tab, marked as Identity Provider Login URL.
In cases where the SP requires the RelayState, you can add the parameter manually to that link on the application side:
https://[your_domain]/samlp/[your_client_id]?RelayState=[the_desired_final_url_at_the_sp]
where:
[your_domain] - is your Auth0 canonical or Custom Domain;
[your_client_id] - is the client ID from the application you created to represent the SAML service provider for which you want to trigger the IdP-initiated login;
[the_desired_final_url_at_the_sp] - is the encoded URL to which you would want the service provider to navigate the user after receiving and validating the authentication.
Information was pulled from the solution on the following topic: Auth0 as Identity Provider Where IdP Initiates SSO - #3 by jmangelo
If you have a different use case, please let me know so we can further look into the matter.
Hope this helped!
Gerald
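The link construction described in the reply above, as an added example that is not part of the original thread or Auth0's own code: it builds the Identity Provider Login URL with a percent-encoded RelayState and refuses destinations outside an allow-list, so the link cannot be turned into an open redirect. The tenant domain, client ID, portal path and `ALLOWED_SP_HOSTS` are constructed placeholders, and it assumes the RelayState is a destination URL as the reply describes.

```javascript
// Added example (not from the thread). Hosts the SP may be sent to after login;
// constructed allow-list using the SP host shown in the posted configuration.
const ALLOWED_SP_HOSTS = new Set(["billing.zohosecure.com"]);

// Accept only absolute https URLs on an allow-listed host, without userinfo.
function validateRelayTarget(target) {
  let url;
  try {
    url = new URL(target); // throws on relative or malformed input
  } catch {
    throw new Error("RelayState target is not an absolute URL");
  }
  if (url.protocol !== "https:") {
    throw new Error("RelayState target must use https");
  }
  if (url.username || url.password) {
    throw new Error("RelayState target must not carry credentials");
  }
  if (!ALLOWED_SP_HOSTS.has(url.hostname)) {
    throw new Error("RelayState host not allowed: " + url.hostname);
  }
  return url.href;
}

// Build https://[your_domain]/samlp/[your_client_id]?RelayState=[encoded target].
function buildIdpInitiatedUrl(domain, clientId, target) {
  const relay = validateRelayTarget(target);
  const link = new URL(`https://${domain}/samlp/${encodeURIComponent(clientId)}`);
  link.searchParams.set("RelayState", relay); // searchParams percent-encodes the value
  return link.href;
}

// Constructed sample values, for illustration only.
const sampleLink = buildIdpInitiatedUrl(
  "example-tenant.us.auth0.com",
  "CLIENT_ID_PLACEHOLDER",
  "https://billing.zohosecure.com/portal/home?tab=invoices"
);
console.log(sampleLink);
```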
Thanks @gerald.czifra, adding relayState worked to log me in to my SP.
But when I’m logging out, it logs me out from the SP and displays a blank white page with ‘Not Found.’
My current logout URL is “https://{auth0Domain}.us.auth0.com/v2/logout”.
Can we set a proper redirect URL post logout?
Thank you for letting me know, glad I was able to help!
It sounds like you will need to set the Allowed Logout URL on the application level in order to redirect the user after logging out (post-logout). There could be other factors at play here, but this is a safe first step to check.
Just leaving this documentation here as well in case it comes in handy: Log Users Out of SAML Identity Providers → it goes over how to set up SLO (Single Log Out) in case your application supports it. This would end the session and log the user out of all the applications connected to the same Connection, with a single Logout action.
Let me know if setting the Allowed Logout URL solved the issue for you and if not, we can further look into this.
Best regards,
Gerald