
Asked by KrishnaKumar-5421 (2 votes)

Azure AD SAML IDP provider with relay state

We can federate a domain on AAD and configure a third-party SAMLP as described here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp.

When doing IdP-initiated SSO to AAD, it ignores the relay state parameter in the SAMLResponse sent to AAD, hence the user always lands on the Office portal.

Is there a way we can set the relay state in the SAMLResponse so that the user lands on the app directly after SSO to AAD instead of landing on the portal?

If we start the flow using the user access URL of the app, the user lands on the app directly, but that is an SP-initiated flow. I wanted to know if it is possible with an IdP-initiated flow.

azure-active-directory
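For reference, an added example (not from the post, Microsoft, or Citrix) of how an IdP-initiated HTTP-POST binding carries RelayState as a form field beside SAMLResponse, and of a relying-party check that only honours a RelayState pointing at an allow-listed host. The ACS, app and portal URLs and the unsigned response document are constructed placeholders.

```python
import base64
import html
import re
from urllib.parse import urlsplit

# Constructed, unsigned placeholder response; a real one carries a signed assertion.
SAMPLE_RESPONSE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0"><samlp:Status><samlp:StatusCode '
    'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:Response>'
)
MAX_RELAY_STATE_BYTES = 80  # upper bound set by the SAML 2.0 Bindings spec (sec. 3.5.3)

def build_post_binding_form(acs_url, response_xml, relay_state=None):
    """Auto-submit form an IdP returns to the browser in an IdP-initiated
    HTTP-POST binding. RelayState travels as a form field beside SAMLResponse,
    not as an element inside the SAML document."""
    fields = {"SAMLResponse": base64.b64encode(response_xml.encode()).decode()}
    if relay_state is not None:
        if len(relay_state.encode()) > MAX_RELAY_STATE_BYTES:
            raise ValueError("RelayState exceeds 80 bytes")
        fields["RelayState"] = relay_state
    inputs = "".join(
        f'<input type="hidden" name="{name}" value="{html.escape(value)}"/>'
        for name, value in fields.items()
    )
    return f'<form method="post" action="{html.escape(acs_url)}">{inputs}</form>'

def parse_post_binding_form(form_html):
    """Relying-party view: the decoded SAMLResponse and the RelayState field
    (None when the IdP sent none)."""
    fields = {
        name: html.unescape(value)
        for name, value in re.findall(r'name="([^"]+)" value="([^"]*)"', form_html)
    }
    response_xml = base64.b64decode(fields["SAMLResponse"]).decode()
    return response_xml, fields.get("RelayState")

def landing_url(relay_state, allowed_hosts, default_url):
    """Relying-party policy: honour RelayState only for an https URL on an
    allow-listed host, otherwise send the user to the default portal page."""
    if not relay_state:
        return default_url
    parts = urlsplit(relay_state)
    if parts.scheme == "https" and parts.hostname in allowed_hosts:
        return relay_state
    return default_url
```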

1 Answer

Answered by lifonghsu-5831 (1 vote)

Sorry, which third-party SAMLP did you use?
I always get the error: AADSTS51004: The user account xxx does not exist in the yyy directory. To sign into this application, the account must be added to the directory.


KrishnaKumar-5421 commented: We used Citrix Gateway IdP. The sign-in to AAD works fine, but it ignores the relay state sent to it in the assertion.