For our SAML IdP-Initiated SSO, we use OpenID Connect in Response Protocol. We get an idtoken in the final redirect, but it is in the browser hash like foo.com/#id_token=
The problem is that browsers don’t send params after # to the servers, so our server doesn’t see this token. Is there a way to get this token as a POST param or proper GET param that our server can see.
We want to redirect the user to different urls based on what is in the id token, and we want to do that all in the server.