What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?
Correct Answer: B
Explanation:
In SP-initiated Single Sign-On (SSO), the RelayState parameter is used by the Identity Provider (IdP) to redirect the user back to a specific page at the Service Provider (SP) after successful authentication. It essentially stores the target URL or state information from the Service Provider side, so that once login is complete, the user is returned to the correct destination within the SP application. It does not represent the login URL of either provider, nor does it originate from the IdP redirect logic. Therefore, the correct understanding is that RelayState is tied to the Service Provider’s redirect destination URL or state information.
Question 2
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers
Correct Answer: B, D
Explanation:
In SP-initiated Single Sign-On (SSO), the RelayState parameter is used by the Identity Provider (IdP) to redirect the user back to a specific page at the Service Provider (SP) after successful authentication. It essentially stores the target URL or state information from the Service Provider side, so that once login is complete, the user is returned to the correct destination within the SP application. It does not represent the login URL of either provider, nor does it originate from the IdP redirect logic. Therefore, the correct understanding is that RelayState is tied to the Service Provider’s redirect destination URL or state information.
Question 3
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP- initiated SSO work? Choose 2 answers
Correct Answer: A, D
Explanation:
For SP-initiated SAML Single Sign-On in Salesforce (where Salesforce is the Service Provider), the system must be configured to trust and communicate with the external Identity Provider (IdP). Option A (Configure SAML SSO settings) is required because Salesforce must define the SAML configuration, including issuer, certificate, and IdP login URL, to enable SSO authentication. Option D (Set up My Domain) is also required because Salesforce SSO (especially SAML-based and SP-initiated flows) depends on My Domain to provide a custom login URL that supports redirection and authentication routing. Option B (Create a Connected App) is incorrect because Connected Apps are typically used when Salesforce acts as the Identity Provider, not the Service Provider in this context. Option C (Delegated Authentication) is not used for SAML-based SSO since it is an older authentication method that relies on external validation via API rather than SAML assertions.
Demo Practice Mode
You are viewing only the questions marked as Demo.