Passing and retrieving RelayState in SP initiated SSO with Okta IDP

0
votes

I am trying to pass on a URL as RelayState in the SAML request from SP to IDP so that I get it back once the authentication is complete. But, I am not able to figure out how to do so. I am using sustainsys.saml2 for the saml configuration in my ASP.NET WebApi application.

Question 1: Currently, I have a URL something like this:
http://example.com/tmwebapi/saml2/signin?http://www.okta.com/hgdhsg324234jhsdf.
When I enter this in address bar, it redirects me to the IDP interface. How to pass the RelayState here?

Question 2: Once the RelayState is passed successfully, I want to be able to extract it in the ACS endpoint. How can I do that?

Please let me know if anyother information is required. Thanks in advance.

1
asp.net-web-apisingle-sign-onsaml-2.0okta-apisustainsys-saml2

1 Answers

0
votes

Using the /Saml2/Signin endpoint it is not possible to preserve custom information across the authentication call. You can preserve a return url by adding a ReturnUrl parameter to the query string.

If you use the API instead, you can put any state you want to preserve in the AuthenticationProperties dictionary. It will then be available after the authentication is completed. This is how the ReturnUrl is implemented.