I have an ASP.NET MVC application I am converting from LDAP to OKTA/SAML/SSO. Currently, after OKTA is called, our Okta group is passing me the user id in the header; this is the easiest solution for now, as we also have some legacy Classic ASP sites being migrated over too.
For the current app, we have multiple landing pages to directly serve up specific forms for specific groups. You can think of it as URL/Home/GroupA, URL/Home/GroupB, etc. On these pages, the first thing I check for is an authenticated user session; if it is not there, I send them to a login page. I save their entry, and it is easy after the LDAP authentication to send them directly to the right set of forms. Users should also be able to jump from group to group if needed, and there is a central page for them to select.
My understanding is that Okta wants to have a standard static redirect URL to help prevent injection. I also saw some suggestion of putting this in a “state” parameter, which I am not sure I would be able to read with this passed-header method of getting the user.
Is there any way of passing these along, appending to the header (query string values, document referrer, etc.)?
Another way, I suppose, would be to create specific URLs for each of these groups, but that seems very wasteful. The idea was to be able to add links to these specific applications to go directly to the forms and not have to go through a landing page.
Thanks
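As an added illustration (not code from the question or from Okta) of the "save the entry, then send them to the right forms after login" flow while keeping the post-login redirect injection-safe: the saved value is an allow-listed group key, never a caller-supplied URL, so the only places a login can redirect to are the known landing pages. The header name `X-Authenticated-User`, the `Account/Login` action and a route mapping `/Home/{group}` to the `Group` action are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

public class HomeController : Controller
{
    // Placeholder header name; use whatever your Okta integration sets on the request.
    private const string UserIdHeader = "X-Authenticated-User";

    // The only landing pages a post-login redirect may target.
    private static readonly HashSet<string> AllowedGroups =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "GroupA", "GroupB" };

    // Returns a local landing path for an allow-listed group, or null otherwise.
    public static string LandingPathFor(string group)
    {
        return group != null && AllowedGroups.Contains(group) ? "/Home/" + group : null;
    }

    // Assumed route: /Home/{group} -> Group(group), e.g. /Home/GroupA.
    public ActionResult Group(string group)
    {
        string target = LandingPathFor(group);
        if (target == null) return HttpNotFound();

        string userId = Request.Headers[UserIdHeader];
        if (string.IsNullOrEmpty(userId))
        {
            // Remember the validated group key (not a free-form URL), then go to login.
            Session["ReturnGroup"] = group;
            return RedirectToAction("Login", "Account");
        }
        return View(group);
    }

    // Entered once the user id header is present, i.e. after Okta has authenticated.
    public ActionResult AfterLogin()
    {
        string target = LandingPathFor(Session["ReturnGroup"] as string);
        Session.Remove("ReturnGroup");

        // Only a local, allow-listed path is ever used; otherwise fall back to the
        // central group-selection page.
        if (target == null || !Url.IsLocalUrl(target))
            return RedirectToAction("Index", "Home");
        return Redirect(target);
    }
}
```

If the group key must survive a round trip through the identity provider rather than the session, the same `LandingPathFor` check applies to whatever value comes back before any redirect is issued.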