We are setting up Google as an SAML v2 IdP initiated identity provider, the setup is working fine, and the SAML exchange is working & authenticated into FusionAuth.
Our API gateway (dotnet) is integrated into our FusionAuth via OIDC & when it redirects, it contains the code but is missing the state parameter (which i understand happens in a SAML IdP workflow, after reading the comments on github).
The redirect back to our gateway for example is:
/signin-oidc?code=j6rOnUBViLU1kR5UA2eKK_UTzc-cO2auei53TJU9X8g&locale=en_US&userState=Authenticated
Our gateway throws the error:
OpenIdConnectAuthenticationHandler: message.State is null or empty.
We have tried to disable state validation (not ideal), but that does not work.
options.ProtocolValidator.RequireState = false;
options.ProtocolValidator.RequireStateValidation = false;
You can see that Auth0 provides a hacky workflow in thier
documentation
Just wondering how I can get this to work? Any ideas?