Hello Everyone,
A few weeks ago, I posted a question about Scoping and got some helpful responses that allowed us to make progress. However, we’ve hit a new roadblock related to the RelayState on the return from the IdP.
We receive the Assertion, but the default return URL is being used instead of the one specified. Here’s the request we see on return:
    GET https://XXXXXX.XX:7001/eIDAS/AssertionConsumerService?SAMLart=AAQXXXXXXXXXXXB%2BwzWqoElqi9oFMy8hAa7I%3D&RelayState=%2Flogin-callback%2Flogin_success 200
    GET https://XXXXX.XX:7001/Identity/Account/ExternalLogin?handler=Callback
The Login action we’re using (suggested in my previous post) is as follows:
    [Route("login")]
    [HttpGet]
    public async Task<IActionResult> Login(string returnUrl)
    {
        var ssoOptions = new SsoOptions()
        {
            TrustedIdentityProviders = new List<ITrustedIdentityProvider>()
            {
                new SsoOptions.TrustedIdentityProvider()
                {
                    ProviderID = "urn:etoegang:xxx:xxxxxx:entities:xxxxx"
                }
            }
        };
        string partnerName = "urn:xxx:xxxx:xxxxxxxxxx:entities:xxxxx"; // Replace with your partner's name
        await _samlServiceProvider.InitiateSsoAsync(partnerName, returnUrl, ssoOptions);
        return new EmptyResult();
    }
In our Startup configuration, we’ve set the following option:
    options.AssertionConsumerServicePath = "/eIDAS/AssertionConsumerService";
Question:
Does anyone know why the specified returnUrl isn’t being used? It seems to default to the hardcoded return URL regardless of the RelayState or the passed returnUrl.
Thanks in advance for your help!