Print this page

Relaystate Param is returned as NULL from IDP

Knowledge Article Number 000213508
Description The user makes a request to for a specific resource: This request may happen in a variety of ways for a variety of reasons. For example, the user may be following a bookmark, clicking on a link from an email, of allowing their browser to auto-complete. detects the user needs to authenticate and redirects the user to their SAML Identity Provider: Since the user doesn't present a session cookie, they need to authenticate. An organization-specific hostname allows the user's Org to be discovered, and they are sent over the SAML protocol. Along with a SAML Request, a form parameter called RelayState is passed along to the IDP. This captures the location of the resource the user originally requested.
If you are using SAML 2.0, RelayState parameter controls where users get redirected after a successful login.

Issue: If the RelayState returned from IDP is NULL in SAML response, user is landed in the Home page by default.
Resolution Verify SAML request & response to check if there RelayState param is not NULL. You can use Fiddler logs or SAML tracer(Firefox Plugin) to check this.

Example Request sent to IDP:
RequestBinding: HTTPPost
so: 00Dx0000000XXXX
RelayState: /00O/0

Example Response returned from IDP:
so: 00Dx0000000YYYY
Relay State
In the above example, "/00O/ is the object key prefix to reports. After successful sign on, user is automatically redirected to Reports tab in salesforce.

Note: Salesforce does a POST request, so check your IDP url that is provided by your IDP is not doing a GET request. Else, Relaystate param will be returned as NULL.

Developer DocImplementing Single Sign-On Across Multiple Organizations


promote demote