
User1663763855277303717 (Customer) asked a question.
I have a web app that uses Okta with OIDC. Now I want to use an external IdP. I created the Identity Provider in Okta (SP), also set up the web app application in Okta (IdP), and set the relay state to multiple values, but none of them work.
What I am looking for is that, using the Embed Link from the IdP Okta, someone initiates the authentication and finally lands on the web app that's configured with Okta (SP).
This video (https://www.youtube.com/watch?v=tLaFX3t_rZA) shows what I am looking for, but I am not taken to the web app (okta-auth-js-getwithpopup.glitch.me?login). This app is set up as an application in the SP Okta with OIDC.
I have added the "Initiate login URI" in the Okta OIDC app. If this is what Okta uses, the same URI has been set in the "Default Relay State" field on the IdP app, which is used to redirect the user after a successful SAML. However, in my case, Okta finally redirects to the URL below:
https://dev-xxxxx.okta.com/signon?fromLogin=true
That is, the domain is ignored and the URL path is appended to the base domain ("https://dev-xxxxx.okta.com").
It is not redirecting outside the base domain ("https://dev-xxxxxx.okta.com").
Also, please confirm that, to achieve the above, I need to redirect to a page in my web app where I initiate the authentication again with Okta, so that my OIDC app gets the ID tokens and an authentication response on the "Sign-in redirect URIs" set up on my web app.


It seems it should work: https://support.okta.com/help/s/article/Redirect-users-to-specific-page-during-SAML-SSO?language=en_US#:~:text=Set%20the%20%22Default%20Relay%20State%22%20value%20in%20the,the%20desired%20landing%20page%27s%20URL.%205%20Click%20Save.
Could you take a screenshot of the network in the developer mode of Chrome, or with the SAML trace plugin?
Update: Turns out that if the "Default Relay State" set on the identity provider side is not set as a trusted origin of type redirect, Okta can't perform the redirection to the relay state URL and instead takes you to the dashboard homepage of the service provider after the IdP-initiated login.
Had to follow: https://support.okta.com/help/s/article/SAML-RelayState-redirecting-to-app-UserHome?language=en_US
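
The behaviour described in the update above, sketched as an added example that is not part of the original thread and is not Okta's implementation: a RelayState target is honoured only when its origin is on a trusted-origin list with a redirect scope, otherwise the user lands on the dashboard. The hostnames, the `/app/UserHome` fallback path, the `resolveRelayState` name and the shape of the list are assumptions made for illustration.

```javascript
// Added illustration: a simplified model of the check, not Okta's code.
// Every hostname and path here is a constructed placeholder.
const ORG_BASE = "https://sp-org.example.com";   // SP org base URL
const DASHBOARD = ORG_BASE + "/app/UserHome";    // fallback landing page

// Trusted origins as (origin, scopes) pairs; only REDIRECT permits a redirect.
const trustedOrigins = [
  { origin: "https://webapp.example.com", scopes: ["CORS", "REDIRECT"] },
  { origin: "https://api.example.com", scopes: ["CORS"] },
];

function resolveRelayState(relayState, trusted = trustedOrigins) {
  if (!relayState) return DASHBOARD;
  let target;
  try {
    // Relative values resolve against the org itself.
    target = new URL(relayState, ORG_BASE);
  } catch (e) {
    return DASHBOARD;
  }
  // Same-org targets need no trusted-origin entry.
  if (target.origin === new URL(ORG_BASE).origin) return target.href;
  // Compare the full origin (scheme + host + port), never a prefix or
  // substring, so lookalike hosts do not match.
  const allowed = trusted.some(
    (t) => t.scopes.includes("REDIRECT") &&
           new URL(t.origin).origin === target.origin
  );
  return allowed ? target.href : DASHBOARD;
}

// Constructed sample inputs.
for (const rs of [
  "https://webapp.example.com/login",
  "https://api.example.com/cb",
  "https://webapp.example.com.other.example/login",
  "/signon?fromLogin=true",
]) {
  console.log(rs, "->", resolveRelayState(rs));
}
```

Matching on the parsed origin rather than on a string prefix is what keeps the allowlist from turning into an open redirect.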