The API doesn’t offer relayState as a parameter for SendSSO method whereas the IDP Initiated SSO api call does. Is this not necessary or handled by the incoming authn request?
New to SAML 2.0 SSO so I apologize if the question makes no sense.
Thanks!
Relay state serves two completely separate purposes. For IdP-initiated SSO, the relay state specifies the landing page at the service provider once SSO completes. For SP-initiated SSO, it’s a mechanism for the service provider to maintain state information between sending the authn request and receiving the SAML response. Relay state may be sent along with the authn request and the identity provider must return this relay state along with the SAML response.
For IdP-initiated SSO, our API exposes the relay state. For SP-initiated SSO, we handle the relay state internally and do not expose it to the calling application.