'Can I configure multiple tiles pointing to the same SP application with different default RelayState in Okta?

I have a service (SP) using Okta SAML SSO. I want to expose multiple landing pages of my service as separate tiles in Okta for IdP-initiated login. Can I create multiple tiles pointing to the same SP application, but with different default RelayStates? Is this a reasonable approach? Will it work with other IDPs?

samloktaidp


Solution 1:[1]

No, it won't be possible, b/c for each of the applications created in Okta you will have a separate set of IdP metadata, which you won't be able to configure on SP side.

UPDATE: Actually after posting the answer, I double checked, that it MAYBE possible if you create all those applications through API:

  • they need to have the same IdpIssuer
  • after creating all of them you need to clone a certificate from one application to all Okta App API reference

I have not tried this approach by myself, but you may give it a try

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

Logging into SAML/Shibboleth authenticated server using python

Configuring Oracle APEX to use SAML authentication

SAML response and assertion is signed/unsigned?

Why is Cognito rejecting my SAML assertion?

Howto disable signature verification in Spring Security SAML 5.6.1?

InResponseToField error after Spring Session upgrade

How to change outgoing claims for SAML based SSO in Azure AD?

Sustainsys.Saml2 - Saml2/Acs endpoint returns Error 500 when processing SSO

How to get metadata xml for SAML IdP initiated SSO

AADSTS75011 Authentication method by which the user authenticated with the service doesn't match requested authentication method AuthnContextClassRef

Get expiration date of signing certificate(s) within a SAML metadata file

Shibboleth IDP with ADB2C integration

How can I diagnose the cause of AWS Cognito's SAML assertion processing errors?

AWS Cognito in place of Keycloak [closed]

RFC - Adding Group Claims from OKTA to Role Claims in .net Framework Using OIDC