Redirect to local app after IdP sign_in

I have a SAML IdP configured in OKTA to authenticate against my PingOne application. I am using the OKTA widget and have a routing rule set up in OKTA to route emails from a specific domain to PingOne. Authentication works just fine.
- I receive the login page from my Okta widget with just the email field.
- I am then routed over to PingOne to authenticate my user.
- I receive the SAML response back from PingOne.
- My user is JIT’ed into OKTA as expected.
- After that I am redirected back to the Okta home page (signed in as the user).

The final redirection back to OKTA’s home page is what I am having trouble with. I want to be redirected back to my local application with an access token or authorization code in the response (depending on what I ask for via responseType).

As a side note: I also have users that aren’t PingOne users. They are Okta authenticated users. I can log in with these users and get the proper redirection (back to my app). This, of course, isn’t using my Okta IdP configuration or the routing rule.

I feel like this is a simple config setting that I am missing but can’t seem to come up with the right one. Any help on this would be greatly appreciated.

Thank you in advance.

Having a similar issue. @bcurcio were you able to find a solution?

Cheung,
Yes, I was. Add a request context to your widget Okta config.

  features: {
    idpDiscovery: true,
  },
  idpDiscovery: {
    requestContext: '<URL to redirect back to my app>',
  },

2 Likes

@bcurcio
I have the exact use case you have. In my case the cookie isn’t created at all, but the Okta system log shows the user is authenticated successfully, and when I traced the SAML flow it should be working too.

Hi Bcurcio,

Are you able to get a token or code back as well? With your recommendation, I get redirected back to my app, but need to have the code / token for the next step.

Thanks

That’s expected behavior and is noted in the Widget readme. Your application will need to trigger the /authorize request after the federated user is redirected back to it.
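
The step described in the reply above, as an added example that is not part of the original thread or Okta's own code: once the federated user lands back on the app, the app builds an authorization code + PKCE `/authorize` request and validates `state` on the callback. The issuer, client ID, redirect URI and function names are constructed placeholders, and it is written for Node so it runs offline.

```javascript
const nodeCrypto = require('crypto');

// Constructed placeholders (assumptions): use your own org, client and callback.
const ISSUER = 'https://example.okta.com/oauth2/default';
const CLIENT_ID = 'CLIENT_ID_PLACEHOLDER';
const REDIRECT_URI = 'http://localhost:8080/callback';

const randomToken = (bytes) => nodeCrypto.randomBytes(bytes).toString('base64url');

// Run when the federated user lands back on the app (the requestContext URL).
// Returns the URL to navigate to and the values to keep until the callback.
function buildAuthorizeRequest() {
  const pending = {
    state: randomToken(16),        // ties the callback to this browser session
    nonce: randomToken(16),        // must match the nonce claim in the ID token
    codeVerifier: randomToken(32), // PKCE secret, 43 characters, never sent here
  };
  const codeChallenge = nodeCrypto.createHash('sha256')
    .update(pending.codeVerifier).digest('base64url');
  const url = new URL(`${ISSUER}/v1/authorize`);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID,
    response_type: 'code',
    scope: 'openid profile',
    redirect_uri: REDIRECT_URI,
    state: pending.state,
    nonce: pending.nonce,
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
    prompt: 'none', // reuse the session from the IdP login; never show a login page
  }).toString();
  return { url: url.toString(), pending };
}

// Run on the redirect_uri. Rejects error responses and callbacks whose state
// does not match, then returns what the token request needs.
function handleCallback(callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) throw new Error(`authorize error: ${params.get('error')}`);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('callback has no authorization code');
  return { code, codeVerifier: pending.codeVerifier };
}
```

With `prompt=none`, a missing Okta session comes back as `error=login_required` on the callback instead of a login page, which makes the "cookie isn't created" case visible to the app.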
