Troubleshooting Deep Linking Issues with SAML

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth Version Affected: All versions


    Users are reaching the home page of the application instead of the intended page after single sign on. The SecureAuth IdP supports IdP-initiated deep linking, as long as the service provider or application supports it. For an SP-initiated setup, the service provider usually handles the deep linking, as long as the ACS is defined.


    When using an IdP-initiated setup, ensure that there is no Target URL defined in the Post Authentication tab, and the deep link is passed by "?Target=". 


    There are a few things to check for this issue:

    1. Go to the SecureAuth Admin Panel > Post Authentication tab
    2. Remove any URLs defined in the SAML Target URL. If a URL is entered in this field, the user will always get directed to that link.
    3. Ensure there is a SAML Consumer URL defined. This is what usually handles the deep linking by the service provider.
    4. Include a SAML Issuer, if it is required.
    5. If vendor requires the deep link to be passed as "RelayState", then switch the configuration from IdP-initated to SP-initiated. For IdP-initiated, the deep link must be passed as "Target".

      IdP-initiated = Target
      SP-initiated = RelayState

    Different apps have different requirements and this knowledge base article may not apply to every scenario. If you have any questions regarding this, please contact SecureAuth Support. Please note that new integrations may require additional fees.


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products

    0 out of 0 found this helpful



    Please sign in to leave a comment.