Okta Classic Engine | Okta Integration Network | Answered | 2024-04-15T09:42:12.000Z | 2019-07-17T05:38:42.000Z | 2019-07-30T16:07:51.000Z

clfgz (clfgz) asked a question.

SAML 2.0 - Office 365 - RelayState not working in IdP-initiated login

Hi,

I configured federation between an Azure AD custom domain and Okta by using the SAML protocol. Azure AD is the Service Provider and Okta is the Identity Provider.

I created a new SAML 2.0 application in Okta, set the SSO URL to https://login.microsoftonline.com/login.srf and put the URL of my application in the Default Relay State.

The users log into Okta and click the application icon. The authentication works, but the problem is that the user is redirected to https://portal.office.com instead of the URL configured in the Default Relay State.

Am I doing something wrong?

Thank you


  • Hi Mathieu,

    If the user is accessing the app through Okta via an IdP-initiated request, then the relay state you configured in Okta should work, so you've done everything right.

    To investigate this I recommend getting a SAML trace and confirming whether the relay state is passed or not. If the relay state is passed correctly, you can go further and get a Fiddler trace and see what happens after the SAML assertion and the relay state reach your app.

    If you are not familiar with SAML/Fiddler traces or these don't show what the issue is, I recommend raising a ticket with the support team to further troubleshoot this issue.

    Selected as Best
  • clfgz (clfgz)

    Hi,

    I can see the RelayState parameter and its value in the SAML HTTP POST Response to https://login.microsoftonline.com/login.srf. I can't tell if it is passed "correctly" per se.

    Could it be because Azure AD (SP) does not support RelayState? Could I technically put www.google.ca in the RelayState and expect to be redirected to Google after the authentication?

    Thank you

This question is closed.
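
The trace check recommended in the answer above, as an added example that is not part of the original thread: it takes the raw URL-encoded body of the SAML HTTP POST as copied from a trace and reports whether RelayState was sent, where the response was addressed, and whether it is an unsolicited (IdP-initiated) response. The function names, the issuer and the relay state URL are constructed for illustration; the script inspects the message only and does not verify its signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def inspect_saml_post(body):
    """Summarise the form body of a SAML HTTP-POST response copied from a trace."""
    form = parse_qs(body, keep_blank_values=True)
    if "SAMLResponse" not in form:
        raise ValueError("no SAMLResponse field: not a SAML HTTP-POST response")
    # validate=True rejects a body that was copied without its URL encoding
    xml = base64.b64decode(form["SAMLResponse"][0], validate=True)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message, refusing to parse")
    root = ET.fromstring(xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("unexpected root element " + root.tag)
    relay = form.get("RelayState")
    in_response_to = root.get("InResponseTo")
    return {
        "relay_state_present": relay is not None,
        "relay_state": relay[0] if relay else None,
        "relay_state_count": len(relay or []),   # more than 1 is ambiguous for the SP
        "destination": root.get("Destination"),
        "idp_initiated": in_response_to is None,  # unsolicited responses carry no InResponseTo
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
    }

def constructed_sample(relay_state=None):
    """Constructed, unsigned sample body; a real trace carries a signed assertion."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed" '
           'Version="2.0" Destination="https://login.microsoftonline.com/login.srf">'
           '<saml:Issuer>http://www.okta.com/EXAMPLE</saml:Issuer>'
           '</samlp:Response>' % (NS["samlp"], NS["saml"]))
    fields = {"SAMLResponse": base64.b64encode(xml.encode()).decode()}
    if relay_state is not None:
        fields["RelayState"] = relay_state
    return urlencode(fields)

if __name__ == "__main__":
    for rs in ("https://app.example.com/home", None):
        print(inspect_saml_post(constructed_sample(rs)))
```

If `relay_state_present` is true and `destination` matches the SSO URL, the IdP side has delivered the parameter and what happens to it afterwards is decided by the service provider.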