function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Venkat PenukondaVenkat Penukonda 

How to read SAML attributes from a service provider's VF page?

I have a requirement where an external IdP posts SAML to my SF org.  The IdP uses both Recipient URL and a Relay State URL.
Recipient URL points to my SF org login page, where as Relay State URL points to a deeplink within the org, which is a VF page.
The SAML assert from IdP also has some additional SAML attributes with some data like User's address etc.

I configured  SF as service provider and getting successful SSO into my SF org directly upto the VF page defined by the relay state URL.
This means, when the user clicks a link in IdP page, due to this SSO, user directly lands in the deeplinked VF page in my org. 

Now the issue is how to read the SAML attributes from this VF page? Idea is to get/read the SAML attributes though a controller and display that data on the page for the user.  For example, I need to read the 'address' SAML attribute to get its value.  I could n't find any SF documentation about how to do this, but I am sure many others must have implemented similar requirement already.

Any help is greatly appreciated.
Neena BhoirNeena Bhoir

I too have same requirement, got any work around.

Venkat PenukondaVenkat Penukonda
I talked to SF support and found out that Salesforce does not support reading SAML attributes.

Work around is to use query params in the Relay State URL to pass the required data to the receiving page. Then in the VF/Controller, we can read the params as usual.  For the security, it is advisable to to pass the query parameters as an encrypted and base64 encoded string. In the controller code, this can be decoded, decrypted, parsed into individual parameter value pairs.

Hope this will help others who are having similar requirement.