Noticed something strange when testing - I am happy it seems to be working, but that is the part that scares me if I start to rely on it.
I have an ASP.NET MVC app that we are looking to integrate with Okta/SAML/SSO.
This application has MULTIPLE entry points depending on where the user is coming from.
Think of it as
App/DefaultLanding
App/AppAEntry
App/AppBEntry
etc.
For LDAP I had two ways of accomplishing this: letting the user get to the endpoint URL and, if not authenticated, passing them to the login page and then back to their entry page; or sending them to the default page, which was the login page, and looking for passedApp=A etc. on the query string.
When we were first trying with Okta in our stage, none of those other entries worked. All extra URL information was lost, and the users would all be sent to App/DefaultLanding regardless.
We found out that we should be able to use RelayState as a parameter to act the way passedApp did. Our Okta admins turned this on, and I changed my code to look for RelayState as well, but now ALL 3 paths seem to work.
Is this a new feature or change? It seems that, for our stage/test environment, all information at the end of the URL, whether it is direct pathing to a subpage or a series of parameters besides RelayState, is being passed through after the Okta authentication.
This would greatly simplify my life - just concerned it is too good to be true, and nervous about relying on it. I had spent an hour-plus talking with Okta staff over this scenario like 4 to 6 weeks ago when they were in Boston, so maybe they saw it had value and implemented it.
It did not work 2 or 3 weeks ago, but does today, so real curious if this is a new feature (if so… Thank you!)
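Whichever way the IdP ends up returning the entry information, the security-relevant point on the service-provider side is that RelayState, and anything else that round-trips through the IdP, arrives as untrusted input: in an IdP-initiated login it is set by whoever built the link, so handing it straight to a redirect is an open redirect. The following is an added example, not code from the original post or from Okta, showing one way an ASP.NET MVC app could map RelayState to a known entry point or accept it only as a local path before redirecting. The class and method names, the route paths, and the "A"/"B" tokens (mirroring passedApp=A) are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example, not from the original post: picking the post-login redirect
// target from SAML RelayState. RelayState is set by whoever started the flow
// (the IdP in an IdP-initiated login, or the author of a crafted link), so the
// service provider must validate it before redirecting to it.
public static class RelayStateRouter
{
    public const string DefaultLanding = "/App/DefaultLanding";

    // Entry points the app serves. The names come from the post; the route
    // paths and the "A"/"B" tokens (mirroring passedApp=A) are assumptions.
    private static readonly Dictionary<string, string> KnownEntries =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "A", "/App/AppAEntry" },
            { "B", "/App/AppBEntry" },
        };

    // Returns the path to redirect to after the assertion has been validated.
    // Accepts a known entry token or a local path; anything else falls back
    // to the default landing page instead of being trusted.
    public static string Resolve(string relayState)
    {
        if (string.IsNullOrWhiteSpace(relayState))
            return DefaultLanding;

        string trimmed = relayState.Trim();
        string entry;
        if (KnownEntries.TryGetValue(trimmed, out entry))
            return entry;

        return IsLocalPath(trimmed) ? trimmed : DefaultLanding;
    }

    // A local path starts with exactly one '/', is not protocol-relative
    // ("//evil.example" or "/\evil.example", which browsers treat alike),
    // and carries no control characters that could split the Location header.
    // Because it must begin with '/', it cannot carry a scheme such as
    // "https:" either.
    public static bool IsLocalPath(string candidate)
    {
        if (string.IsNullOrEmpty(candidate) || candidate.Length > 2048)
            return false;
        if (candidate[0] != '/')
            return false;
        if (candidate.Length > 1 && (candidate[1] == '/' || candidate[1] == '\\'))
            return false;
        foreach (char c in candidate)
        {
            if (c == '\\' || c < 0x20 || c == 0x7f)
                return false;
        }
        return true;
    }

    // Quick self-check; run it from a console project to see the decisions.
    public static void Main()
    {
        string[] samples =
        {
            "A",
            "/App/AppBEntry?customer=42",
            "//evil.example/App/AppAEntry",
            "/\\evil.example",
            "https://evil.example/",
            "/App/AppAEntry\r\nSet-Cookie: x=y",
            "",
        };
        foreach (string s in samples)
        {
            string shown = s.Replace("\r", "\\r").Replace("\n", "\\n");
            Console.WriteLine("{0,-45} -> {1}", shown, Resolve(s));
        }
    }
}
```

In the assertion consumer service action, once the SAML response signature, audience and validity window have been checked, the redirect becomes `return Redirect(RelayStateRouter.Resolve(Request.Form["RelayState"]));` (RelayState arrives as a form field with the HTTP-POST binding). Because the fallback is hard-coded, a missing or tampered RelayState degrades to the default landing page, the behaviour the post describes from before the change, rather than to an attacker-chosen destination.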