[FEATURE] Not Maintaining Relay State During IDP Initiated SAML Flow

[ogi28]

What is the bug?
When using an IDP Initiated SAML Flow with OpenSearch Dashboards, the RelayState provided by the IDP is dropped after authentication. As a result, the user is always redirected to the default entry page instead of the specific dashboard or URL specified in the RelayState.

How can one reproduce the bug?

Steps to reproduce the behavior:

Configure OpenSearch Dashboards with SAML authentication using an Identity Provider (IDP).
Initiate a SAML flow from the IDP with a specific RelayState that points to a particular dashboard or URL.
Complete the authentication process in OpenSearch Dashboards.
Observe that the user is redirected to the default entry page instead of the URL specified in the RelayState.

What is the expected behavior?
After successful authentication, the user should be redirected to the URL specified in the RelayState, allowing dynamic redirection to specific dashboards or URLs.

What is your host/environment?

OS: Tried Docker and tarball install
OpenSearch Dashboards Version: 2.15
OpenSearch Version: 2.15
Plugins: Default ones

Do you have any screenshots?
No

Do you have any additional context?
This issue impacts workflows that rely on dynamic redirection post-authentication, such as directing users to specific dashboards based on the RelayState. Any guidance on whether this behavior is expected or if there are plans to address this would be appreciated.

[cwperks]

[Triage] Thank you for filing this issue @ogi28 . I updated the description to mark this as a feature request since this is not currently supported in the security-dashboards-plugin.

There is a feature in advanced settings called default route which can be set on a tenant basis to log users of that tenant into the configured route, but there is no support for RelayState at the moment.