SAML IdP-Initiated SSO from Okta

Hello, we are just recently working on converting our authentication to Auth0 so we are still very new to this. Our regular ASP.NET web app with OWIN enabled is working well. Thanks to Auth0 quick start guide.

Now, we are thinking of adding SSO using Okta as IdP. Following the guide, we managed to get the application in Okta to flow to Auth0. But we are having trouble with IdP-initiated SSO. It redirected fine via the query string parameter. However, since we use cookie authentication and seems like cookie was not created after the redirect, our web application was not able to proceed.

We are definitely missing something here. Should we expect the middleware in our web app to handle the cookie creation since the response protocol is set to OpenID Connect or we have to handle the cookie creation ourselves?

I have been searching Auth0 forum and documentation for answers, but doesn’t get too far. Tracing the network call was not very helpful either. So any help to point us in the right direction is greatly appreciated.

Update 10/30/2019:
We managed to go a bit further. Under Connections > Enterprise > SAML > Settings > Idp-Initiated SSO > Query String, if we specify response_type of either “token”, “token id_token”, and “code id_token”, Auth0 will return the requested values in fragment, thus the server code won’t be able to reach it. Only by specifying “code”, i.e. response_type=code, will it return the value in query string.

However, after using the code to retrieve the access_token and using the access_token to get user profile through /userinfo endpoint, nothing is returned despite specifying openid in the scope.

Update 11/1/2019:
We ended up with a workaround and use JS to handle the redirection after Auth0 authentication. This post can be closed. :slight_smile:

Hey @nikki, I apologize for the delay in response on this topic. However, I’m glad to see you were able to generate a solution for the challenge. Please let us know if you have any questions in the future so we can work together on getting you an answer in a prompter fashion.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.