Most commercially-available or open-source SSO Identity Providers transmit the RelayState seamlessly by default.
Extract the RelayState from the HTTP headers with both the SAML Request and Response, and make sure that the RelayState values in the Request and Response match. Diagnose this issue further by capturing HTTP headers during a login attempt.According to the SAML standard specification, your Identity Provider should not modify the RelayState during the login flow. For authentication to complete successfully, the exact RelayState must be returned in the SAML Response.
Google Workspace provides this value to the Identity Provider in the SAML Request, and the exact contents can differ in every login. The SAML 2.0 specification requires that Identity Providers retrieve and send back a RelayState URL parameter from Resource Providers (such as Google Workspace).
0 kommentar(er)
