Salesforce SSO and SimpleSAMLphp – not redirecting to startURL on logon

I am using SimpleSAMLphp as an IdP and Salesforce as the SP. I have it working so that I can go to the Salesforce login page and use the additional button to log on using SSO, as per step 1 in this guide:
https://salesforce-developer.net/salesforce-sso-with-simplesamlphp

However, I need to redirect the user to a specific Visualforce page. I have tried adding the attribute for the startUrl into the SAML to no avail:

<saml:AttributeStatement>
    <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
        <saml:AttributeValue xsi:type="xs:string">uid</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="startURL" NameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
        <saml:AttributeValue xsi:type="xs:string">https://mysfdomain/myvfpage/</saml:AttributeValue>
    </saml:Attribute>
</saml:AttributeStatement>

I’ve also tried adding in the ssoStartPage to no avail. Any help in redirecting this to the correct page would be appreciated.

Cheers, Lee

Answer

You’re looking for the RelayState parameter. On a successful login, the RelayState should be passed back to Salesforce. This will cause Salesforce to redirect to the correct endpoint. It took me a month to figure this out the first time we started using SSO. The RelayState will be provided from Salesforce, so you just have to relay it back across the URL exactly the way you received it.

For example: https://mydomain.my.salesforce.com/apex/Page will result in a SAML request like https://adfs.contoso.com/adfs/ls/?RelayState=%2Fapex%2FPage&SAML=saml-data. Simply make sure that RelayState makes it back to salesforce.com and it’ll work.

Attribution
Source : Link , Question Author : Lee , Answer Author : sfdcfox
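
The RelayState round trip described in the answer, as an added example that is not part of the original post and is not SimpleSAMLphp or Salesforce code: the IdP reads RelayState from the incoming redirect, echoes it unchanged in the auto-post form, and a hypothetical SP-side check follows it only when it is a same-site path. The ACS URL, the function names and the SAMLResponse value are assumptions or placeholders.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the redirect URL quoted in the answer (SAML payload is a placeholder).
SAMPLE_REQUEST_URL = "https://adfs.contoso.com/adfs/ls/?RelayState=%2Fapex%2FPage&SAML=saml-data"
# Assumption: placeholder endpoint standing in for the org's real login/ACS URL.
ACS_URL = "https://mydomain.my.salesforce.com/"


def extract_relay_state(request_url):
    """IdP side: return RelayState as the SP sent it (URL-decoded once), or None."""
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    values = query.get("RelayState", [])
    if len(values) > 1:
        raise ValueError("duplicate RelayState parameter")
    return values[0] if values else None


def build_post_form(acs_url, saml_response_b64, relay_state):
    """IdP side: HTTP-POST binding form that echoes RelayState without altering it.

    The value is only HTML-escaped for the attribute context; the browser
    un-escapes it on submit, so the SP receives the original string.
    """
    fields = [("SAMLResponse", saml_response_b64)]
    if relay_state is not None:
        fields.append(("RelayState", relay_state))
    inputs = "\n".join(
        f'  <input type="hidden" name="{name}" value="{html.escape(value, quote=True)}"/>'
        for name, value in fields
    )
    action = html.escape(acs_url, quote=True)
    return f'<form method="post" action="{action}">\n{inputs}\n</form>'


def is_local_path(relay_state):
    """Hypothetical SP-side check: follow RelayState only if it is a same-site path."""
    if not relay_state.startswith("/") or relay_state.startswith("//"):
        return False
    if "\\" in relay_state:  # some browsers treat backslashes like slashes
        return False
    parts = urlsplit(relay_state)
    return not parts.scheme and not parts.netloc


if __name__ == "__main__":
    rs = extract_relay_state(SAMPLE_REQUEST_URL)
    print("RelayState:", rs, "| local path:", is_local_path(rs))
    print(build_post_form(ACS_URL, "BASE64-SAML-RESPONSE-PLACEHOLDER", rs))
```
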
