I am setting up SSO and have an issue with the service-provider initiated flow SAML use case.
- The IdP is ADFS.
- The SAML Idp Initiated SSO is working but SAML SP-initiated SSO flow doesn’t seem to redirect to the ADFS site for authentication. The identity mgmt. team is indicating that when they check the page source they are not seeing an attempt to redirect the user to the IdP for authentication.
The Salesforce.com settings for SSO includes a Identity Provider Login URL but does not specify an Identity Provider Logout URL but i understand the Logout URL is not required and should not impact the SP-initiated flow.
- The Service Provider Initiated Request Binding is set to HTTP
REDIRECT. Will changing this to POST help resolve the issue?
- If I ask them for a SAML assertion, will that help if I can run it through the validator?
Any other troubleshooting steps?
The resolution was to go to My Domain > Login Page Branding and change the Authentication Service to the SAML Single Sign-On Settings and uncheck “Login Page”