- The SSO Implementation Guide says that when defining the start page when using SAML 2.0, the start page is "the page the user attempted to access before they were authenticated. The SAML 2.0 start page must support Sp-init single sign-on."
How do we make the start page support Sp-Init SSO?
- In the same place it is also said that "If you are using SAML 2.0, you can also use the RelayState parameter to control where users get redirected after a successful login."
How may we enable the use of RelayState? Where should we define it?
- Does force.com do any additional validation of the Identity Provider certificate, in addition to certificate chain validation? For instance, is the certificate Subject verified against the Identity Provider (Issuer property) defined in SSO configuration?
- Must certificates used by Federated SSO be signed by a CA?
- The SSO Implementation Guide says that when defining the start page when using SAML 2.0, the start page is "the page the user attempted to access before they were authenticated. The SAML 2.0 start page must support Sp-init single sign-on."
How do we make the start page support Sp-Init SSO?
- In the same place it is also said that "If you are using SAML 2.0, you can also use the RelayState parameter to control where users get redirected after a successful login."
How may we enable the use of RelayState? Where should we define it?
