
I've configured a SAML2.0 IdP in Okta (i.e. Okta is SAML2.0 SP).

After successful IdP initiated authentication via SAML, I want the user to be redirected to a custom app. Therefore I configured the "Relay State" on Okta (SP) to https://mydomain/customApp/customPath.

However, for security reasons, I think the user is not being redirected by the SP to an absolute URL but instead gets redirected to https://mycompany.okta.com/customApp/customPath (which is obviously not a valid URL).

How do I have the user redirected to this URL after successful SAML auth? https://mydomain/customApp/customPath

Thanks, Jatin


1 Answer


You probably figured this out by now, but you can pass a parameter called RelayState which will redirect to your destination.

It sounds like you have an IdP and an SP (both could be Okta).

When you send the SAML assertion to the SP, you pass the parameter like this:

https://oktasp.okta.com/auth/saml20/appname?RelayState=https://targetsystem.com

Now, if you are directing to another SAML application and the application is in Okta: Okta has embedded links for applications, and you can ignore the first part of the embedded link.

For example: if the embedded link is

https://sp.okta.com/home/bookmark/0oa9qapjgbRHdKexm0h7/1280

You can just set the relay state to: /home/bookmark/0oa9qapjgbRHdKexm0h7/1280

Like so:

https://oktasp.okta.com/auth/saml20/appname?RelayState=/home/bookmark/0oa9qapjgbRHdKexm0h7/1280

There are also some security features to make redirect_uris valid. So if it is an application that is not on the user's dashboard, you can send them there.

Lots to explain, I hope it helps some.
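
For readers running their own SP, the difference between the relative and absolute RelayState forms discussed above can be made explicit with a validator. This is an added example, not code from either poster and not Okta's implementation; the function name, the allow-list and the fallback behaviour are assumptions, and the hostnames are the sample names used in the answer.

```python
from urllib.parse import urlsplit

# Assumptions for illustration: the SP origin and the one trusted external
# target reuse the sample hostnames from the answer above.
SP_ORIGIN = "https://oktasp.okta.com"
ALLOWED_ORIGINS = {"https://targetsystem.com"}
DEFAULT_LANDING = SP_ORIGIN + "/"


def resolve_relay_state(relay_state):
    """Return the post-login redirect URL for a RelayState value.

    Relative paths stay on the SP host; absolute URLs are honoured only when
    their origin is allow-listed; everything else gets the default page.
    """
    if not relay_state or len(relay_state) > 2048:
        return DEFAULT_LANDING
    # Control characters and backslashes are normalised differently by
    # browsers and URL parsers, so refuse them outright.
    if any(ch < " " or ch in "\\\x7f" for ch in relay_state):
        return DEFAULT_LANDING
    try:
        parts = urlsplit(relay_state)
    except ValueError:
        return DEFAULT_LANDING

    if not parts.scheme and not parts.netloc:
        # Relative form, e.g. /home/bookmark/<id>/1280. A scheme-relative
        # value like //host/path has netloc set and never reaches this branch.
        if relay_state.startswith("/"):
            return SP_ORIGIN + relay_state
        return DEFAULT_LANDING

    # Absolute form: https only, no userinfo, exact origin match.
    if parts.scheme != "https" or "@" in parts.netloc:
        return DEFAULT_LANDING
    origin = f"{parts.scheme}://{parts.netloc.lower()}"
    return relay_state if origin in ALLOWED_ORIGINS else DEFAULT_LANDING


if __name__ == "__main__":
    for sample in ("/home/bookmark/0oa9qapjgbRHdKexm0h7/1280",
                   "https://targetsystem.com",
                   "//untrusted.example/x"):  # constructed inputs
        print(sample, "->", resolve_relay_state(sample))
```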