Hi
I have what I thought was a simple issue that I’m struggling to address. I’m hoping I’m missing something obvious here.
My setup is a single application in Auth0 that is configured for SAML. Works fine for SP initiated.
Customer also has an OIDC Enterprise connection enabled, which acts as a dashboard. The dashboard will have an app tile that contains the URL for the SAML application in Auth0, along with the connection parameter to ensure that all users are sent to the IdP to authenticate. The Auth0 authentication challenge should not be seen by customers.
So OIDC Enterprise connection. SSO to app via SAML.
What Works
For SP init, SAML app sends a RelayState which Auth0 returns in the SAML response after authentication via the IdP (or standard Auth0 database connection). All good, but this isn’t the required user journey, which will be IdP initiated.
What Doesn’t Work
When the user journey starts at the IdP (dashboard), the application tile has the Auth0 SAML Application Login URL from the SAML application associated. That should trigger a request for the SAML application, using the IdP connector, and result in the user authenticating to Auth0 and a SAML response being sent to the SAML application. However, the RelayState parameter sent to the SAML application along with the SAML response is blank and authentication fails. The app support team have provided a static value for the SAML RelayState parameter when access is IdP initiated, but I cannot find anywhere I can configure that in the application in Auth0.
Other Options
I can make the dashboard link to the app trigger an SP init flow, but that means I can’t provide the connection parameter, and the users will see the Auth0 UI.
I considered Actions, but I can only decorate the SAML token, not determine that a RelayState parameter is sent with the SAML response to the target SAML application. I can’t see a way to add a parameter to the body of the POST request when the SAML response is sent. The API object allows for setting a lot of SAML-related functions, but not RelayState.
Outstanding Question
How do I set a static value for the RelayState parameter that is returned to a SAML application when the access is IdP initiated?
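To make the mechanics behind the question concrete, here is an added example (not code from the original post, and not Auth0's implementation) that models the SAML 2.0 HTTP-POST binding on both sides: the IdP building the auto-submit form, and the SP consuming it. The point it illustrates is that RelayState is a separate form field posted next to SAMLResponse and is not part of the signed XML, so in an SP-initiated flow the IdP simply echoes whatever the SP sent, while in an IdP-initiated flow the only source for the field is a value configured at the IdP; if none exists the field is absent and an SP that relies on it fails. The SAMLResponse body, the ACS URL and the target paths are constructed stand-ins; signature creation and verification are out of scope and marked where they would go.

```python
"""Model of RelayState handling in the SAML 2.0 HTTP-POST binding.

Added example, not Auth0's or any vendor's code.  The SAMLResponse is a
constructed, unsigned placeholder; a real SP must verify the signature on
the decoded Response/Assertion before trusting anything in the form.
"""
import base64
from dataclasses import dataclass
from typing import Optional

ACS_URL = "https://app.example.com/saml/acs"  # assumed SP ACS endpoint
MAX_RELAY_STATE_BYTES = 80                    # limit set by the SAML 2.0 Bindings spec


@dataclass
class AuthnRequest:
    """The SP-initiated request as seen by the IdP (constructed)."""
    issuer: str
    relay_state: Optional[str]  # value the SP attached to its request, if any


def build_post_form(saml_response_xml: str, relay_state: Optional[str]) -> dict:
    """Fields of the auto-submitting HTML form the IdP hands to the browser.

    RelayState rides alongside SAMLResponse as a plain form field; it is not
    inside the signed XML, so decorating the assertion cannot populate it.
    When there is no value, the field is omitted rather than sent empty.
    """
    form = {"SAMLResponse": base64.b64encode(saml_response_xml.encode()).decode()}
    if relay_state:
        if len(relay_state.encode()) > MAX_RELAY_STATE_BYTES:
            raise ValueError("RelayState exceeds 80 bytes")
        form["RelayState"] = relay_state
    return form


def idp_respond(authn_request: Optional[AuthnRequest],
                configured_relay_state: Optional[str] = None) -> dict:
    """IdP side of the exchange.

    SP-initiated (authn_request present): echo the SP's RelayState unchanged.
    IdP-initiated (no request): nothing arrived to echo, so only a statically
    configured value can fill the field; with none configured it is absent.
    """
    # Constructed stub; a real Response carries an Assertion and a signature.
    response_xml = '<samlp:Response Destination="%s"/>' % ACS_URL
    if authn_request is not None:
        return build_post_form(response_xml, authn_request.relay_state)
    return build_post_form(response_xml, configured_relay_state)


def sp_consume(form: dict, allowed_targets: set) -> str:
    """SP side: validate the posted form and return the post-login target.

    RelayState arrives from the browser and is attacker-influenceable, so the
    SP must check it against an allow-list instead of redirecting blindly.
    A missing RelayState is rejected, which reproduces the failure described
    in the post when the IdP-initiated form carries no value.
    """
    if "SAMLResponse" not in form:
        raise ValueError("missing SAMLResponse")
    response_xml = base64.b64decode(form["SAMLResponse"]).decode()
    if not response_xml.startswith("<samlp:Response"):
        raise ValueError("unexpected SAMLResponse payload")
    # Signature verification of response_xml would go here (out of scope).

    target = form.get("RelayState", "")
    if not target:
        raise ValueError("RelayState missing: SP cannot determine landing page")
    if target not in allowed_targets:
        raise ValueError("RelayState not in allow-list: %r" % target)
    return target


if __name__ == "__main__":
    allowed = {"/dashboard/home"}  # assumed SP allow-list of landing pages
    # SP-initiated: the SP's own RelayState comes back and is accepted.
    sp_form = idp_respond(AuthnRequest("https://app.example.com", "/dashboard/home"))
    print("SP-initiated target:", sp_consume(sp_form, allowed))
    # IdP-initiated without a configured value: field absent, SP rejects.
    idp_form = idp_respond(None)
    print("IdP-initiated form has RelayState:", "RelayState" in idp_form)
    # IdP-initiated with a static value configured at the IdP: accepted.
    idp_form_static = idp_respond(None, configured_relay_state="/dashboard/home")
    print("IdP-initiated (static) target:", sp_consume(idp_form_static, allowed))
```

The allow-list check in `sp_consume` is the practitioner caveat that goes with any fix on the IdP side: once a RelayState value is accepted from the POST body, an SP that redirects to it unvalidated turns the field into an open redirect, so a static value configured at the IdP should also be the only value the SP is willing to honour.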