SAML20 module not redirecting to original URL after login

0
I'm using Mendix with the SAML20 marketplace module. External links are generated by another system that point directly to a page with parameters, for example:https://appurl.com/p/page/202606011444/123456/L/CHI/258963 When an unauthenticated user opens this link, they are redirected to the identity provider for login. After successful login, the user is redirected to the homepage instead of the original URL.I have tried passing the destination URL as an r-parameter in the discovery URL:https://appurl.com/SSO/discovery?r=https%3A%2F%2Fappurl.com%2Fp%2Fpage%2F202606011444%2F123456%2FL%2FCHI%2F258963 But this still redirects to the homepage after login.When an unauthenticated user opens the original link, Mendix redirects them to login.html without preserving the original URL in any way (no parameter or similar).The app has anonymous users enabled with a Guest role, which has a custom login page as its homepage.Questions:Is there a way to make the SAML20 module respect the r-parameter as a return URL after login?Is there any configuration needed to enable this behavior?Is there another recommended approach for this use case?Any help is appreciated!
asked
2 answers
0

The behavior you are seeing is expected if the original URL is not preserved before the SAML authentication flow starts.


A pattern I have implemented for similar use cases is:

  1. When an anonymous user accesses a deep link, capture the full URL (window.location.href) before starting SSO.
  2. Store it in localStorage
  3. Trigger the SAML login flow.
  4. After successful authentication, use a post-login nanoflow to:
    • retrieve the stored URL
    • validate it belongs to your application
    • redirect the user back to that URL.


I do not believe the SAML20 module automatically honors an arbitrary r parameter on /SSO/discovery as a post-login return URL. In most projects I have worked on, this requires custom handling of the original request URL.


Another option worth considering is the Mendix Deep Link module. If your target page can be represented as a Deep Link, Mendix can handle routing more cleanly after authentication.


Kindly mark this as the accepted answer if it helps.


answered
0

Hi Johan


Try Remove Guest/Anonymous role access from the target page.Once the page requires authentication, Mendix will Capture the original /p/page .... URL and Trigger SAML SSO automatically and Redirect back to the original URL after successful login.

but if it didnt work then and still redirects to homepage, the only reliable workaround is the login.html client-side approach in your index.html 

// In login.html — before redirect to /SSO/
sessionStorage.setItem('postLoginUrl', window.location.href);

// After login completes
window.mx.afterLoginAction = function() {
  var target = sessionStorage.getItem('postLoginUrl');
  if (target) {
    sessionStorage.removeItem('postLoginUrl');
    window.location = target;
  }
};

paste this code This captures the original URL before SSO kicks in and restores it after. This approach works regardless of platform limitations.

answered