Okta IDP Initiated RelayState

Tags:

okta

Can anyone tell me how to pass RelayState for an IDP initiated SSO connection. We have the SSO working but would like to deep link to a page within the service provider's application. They have instructed us on the RelayState to pass but I can't figure out how to format the URL for Okta. We are using the app embedded link and would like to append RelayState to the query string.

Asked by Todd, Jun 17 '16 13:06


People also ask

What is default RelayState in Okta?

Default Relay State: the URL that users will be directed to after a successful authentication through SAML. Endpoint: the URLs that are used when Service Providers and Identity Providers communicate with one another. Entity ID: a globally unique name for an Identity Provider or a Service Provider.

Is Okta IdP initiated SSO?

If your company wants to configure Single Sign-On with Okta, you can leverage one of Procore's supported SSO solutions: Identity Provider Initiated (IdP-initiated) SSO.

What is IdP initiated SAML?

IdP-initiated SSO involves an authenticated user clicking a button in the Identity Provider (IdP) and being redirected to the service provider along with a SAML response and assertion. The service provider is expected to accept the response and start a session for the user.

How does SAML RelayState work?

RelayState is a parameter of the SAML protocol that is used to identify the specific resource the user will access after they are signed in and directed to the relying party's federation server. Note: If the relying party is the application itself, you can use the loginToRp parameter instead.


1 Answer

For IdP initiated SSO (where you log in to the IdP first, then access the SP), you can modify the RelayState under General SAML settings, like: (screenshot: edit default RelayState for IdP initiated SSO)

Note the app embed URL is for IdP initiated SSO only; it shouldn't be used as the IdP SSO URL for SP initiated SSO.

When a user accesses the SP directly (without logging in to the IdP first), it starts an SP initiated SSO. That's where you can append ?RelayState=your_deep_link to the IdP SSO URL, so that after you log in on the IdP, it returns the deep link back to the SP for you to redirect to.

And like @Thomas Kirk said, "you can find the IdP SSO URL by clicking "View Setup Instructions" on the Sign On tab for the application in the admin console."

Answered by Zj Wine, Sep 25 '22 15:09