SAML2 web app account linking


I’ve got an single page application that uses the SAML2 web app addon with Auth0 as the SAML identity provider in AWS Cognito. Users sign in via username and password and Google sign in. This all works fine and SAML2 seems to be correctly configured.

I’ve been using the account linking extension provided to link Google and username-password accounts together where the user is prompted and authenticates this link.

The problem is when the account link is complete I get redirected back to the “saml2/idpresponse” endpoint which I assume is the callback url the account linking extension is using.

Replacing “redirect_uri” in the code for the account link rule that the extension installs with “” means I get redirected back to the right place.

Is there a right way of doing this when using SAML2? I couldn’t find much in the docs about this specific use case.


This is no longer an issue for us. We’re using Auth0 as an OIDC identity provider in Cognito instead of SAML which actually fits our needs better.

This seems to work flawlessly with the account linking extension so I think this must be a SAML specific issue.