This article explains why users are not redirected back to their selected service provider (SP) deep link when using SAML Single Sign-On. The behavior is seen when the user has not yet authenticated with Okta.
For more information on deep links, see Implementing Deep Links for SAML Applications in Okta.
Example:
- The user will click an SP deep link.
- This redirects to Okta for authentication.
- The user authenticates successfully with Okta but is not redirected to the original SP deep link selection.
In some cases, the user is redirected to a default SP home page; in others, the user is not redirected back to the SP at all and lands on their Okta home page instead.
- SP Deeplinks
- Redirect
- Single Sign-On (SSO)
- Security Assertion Markup Language (SAML)
In an SP-initiated sign-in flow, the SP sets the RelayState parameter in the SAML request.
In the case of a deep link, the SP sets the SAML request's RelayState with the deep link value. When the SAML response comes back, the SP can use the RelayState value to take the authenticated user to the right resource.
To understand why users experience unwanted redirects when using SP deep links before authenticating with Okta as the IdP, contact the service provider for further triage of the configured RelayState parameter. As an IdP, Okta does not set the RelayState parameter in SP-initiated single sign-on.
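The following sketch shows the SP side of the flow described above: how the deep link travels in RelayState, how to read it from a captured redirect during triage, and why a missing value ends at a default page. It is an added example, not Okta's or any SP's code; the endpoints, paths, function names and the same-site validation rule are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; not real Okta or SP endpoints.
IDP_SSO_URL = "https://idp.example.com/app/sample/sso/saml"
SP_ORIGIN = "https://sp.example.com"
DEFAULT_LANDING = "/home"
SAMPLE_SAML_REQUEST = "PHNhbWxwOkF1dGhuUmVxdWVzdC8+"  # placeholder, not a real request


def build_sso_redirect(deep_link, saml_request=SAMPLE_SAML_REQUEST):
    """SP side: redirect to the IdP, carrying the deep link in RelayState."""
    params = {"SAMLRequest": saml_request}
    if deep_link:
        params["RelayState"] = deep_link
    return IDP_SSO_URL + "?" + urlencode(params)


def relay_state_sent(redirect_url):
    """Triage helper: read RelayState from a captured SP-to-IdP redirect URL."""
    values = parse_qs(urlsplit(redirect_url).query).get("RelayState")
    return values[0] if values else None


def resolve_landing(relay_state):
    """SP side, after the SAML response is validated: choose where the user lands."""
    if not relay_state:
        return SP_ORIGIN + DEFAULT_LANDING  # nothing to restore
    parts = urlsplit(relay_state)
    same_site_path = (
        not parts.scheme and not parts.netloc
        and relay_state.startswith("/") and "\\" not in relay_state
    )
    # Honour only same-site paths so RelayState cannot send users off-site.
    return SP_ORIGIN + (relay_state if same_site_path else DEFAULT_LANDING)


if __name__ == "__main__":
    for link in ("/reports/42?tab=owners", None):
        url = build_sso_redirect(link)
        sent = relay_state_sent(url)
        print(f"RelayState sent: {sent!r} -> lands on {resolve_landing(sent)}")
```

When triaging with the service provider, checking the captured redirect for a RelayState value is the first step: if it is absent there, the deep link was lost before the request reached the IdP.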
