We have implemented a custom SSO extension which checks for the existence of a certain claim. If the claim is not present the user sees the saml2-error-result. That page offers a Try Again option which cycles the user back through the SSO process using the same user account. I need to provide an additional option to the Try Again option which will permit the user to enter a different credential. I have attempted to redirect to the original application url but the flow gives an error saying the SAML response can not be empty. What is the best way to redirect the user to allow them to enter an different credential in this situation?
This page/message is served from the <project directory>/resources/SAML/templates folder. You should be able to edit
and add an additional link/button that hits your SSO logout endpoint. I think the Mendix SAML logout URL might do the trick, which is:
Otherwise, you might need to use your IDP’s logout URL.