I know that an enterprise connection has a default ipd-initiated application that it forwards to on an idp-initiated login. Is there a way either in the saml assertion or query string to specify either a different application or a different callback site for the login to land on? I’m trying to avoid having to set up a unique SAML connection for each possible landing page in an idp-initiated flow.
This post is very similar, but I don’t see an answer: IdP-Initiated SSO where IdP provides the redirect_url
Thanks!
1 Like
If you want to accomplish this in the callback code, you will need the IdP to supply the RelayState in the SAML Response. Once verified by Auth0, the resulting hash to the callback route will contain a “state=” parameter, that will hold the value of the relaystate (i.e. http://yoursite.com/callback#accessToken=xxxx&idToken=xxxx&state=https://myothersite.com/home).
For our system, which is a collection of microsites, we tell the IdP to include a full, valid, url for the RelayState, then take the hash that is sent to the callback url, parse it, and retrieve the “state” value, if it exists. For us, that value goes through several internal checks to ensure it is valid and then sends the user to the desired landing page.
Another option, if every user from that connection is going to land on the same location, is to include a “redirect_uri” in the connections query string parameters in Auth0.