I think this addresses most things

.env.example

@@ -24,7 +24,8 @@ LOG_LEVEL=debug
 # Nodemailer config
 NOTIFICATIONS_EMAIL_USER="no-reply@senecacollege.ca"
 MAILHOG_SMTP_PORT=1025
-SAML_IDP_METADATA_FILE='./config/idp-metadata.xml'
+
+# SSO Config
 HOSTNAME = http://localhost:8080
 # Our apps's Entity ID, which is also the URL to our metadata.
 SAML_ENTITY_ID=http://host.docker.internal:8080/sp

CONTRIBUTING.md

@@ -58,6 +58,18 @@ $ npm run db:studio
 
 > **Note** `npm run build` needs to be executed the first time running the project. As it generates a `build/server.js` script that `npm run dev` depends on. Subsequent times, only `npm run dev` is needed to run the app in development mode.
 
+## SAML Accounts to use in Dev
+
+Our IDP is configured with a few accounts that exist for testing, the usernames and passwords to use are as follows:
+
+| user        | pass      |
+| ----------- | --------- |
+| user1       | user1pass |
+| user2       | user2pass |
+| lippersheyh | telescope |
+
+They can be configured in `./config/simplesamlphp-users`
+
 ## `.env` and `./dev-secrets/*`
 
 Some application configuration is managed via environment variables, others as secrets (i.e., files).

app/routes/login.tsx

@@ -24,11 +24,12 @@ export const action = async ({ request }: ActionArgs) => {
   // If not then create a login request to the IDP's redirect binding
   if (!user) {
     const context = await createLoginRequest();
-    return redirect(context);
-  }
-  if (user) {
-    return redirect('/');
+    const url = new URL(request.url);
+    const returnTo = url.searchParams.get('redirectTo') || '/';
+    return redirect(context + '&RelayState=' + returnTo);
   }
+
+  return redirect('/');
 };
 
 export default function Login() {

app/routes/login/callback.tsx

@@ -48,24 +48,25 @@ export const action = async ({ request }: ActionArgs) => {
 
   const formData = await request.formData();
   const body = Object.fromEntries(formData);
-  const samlResponse = await parseLoginResponse(body);
+  const { attributes } = await parseLoginResponse(body);
 
   // Try and extract the username and see if there is an existing user by that name
-  if (!samlResponse.attributes.sAMAccountName) {
+  if (!attributes.sAMAccountName) {
     // TODO: Make this redirect to access denied page
     return redirect('/');
   }
-  const username = samlResponse.attributes.sAMAccountName;
+  const returnTo: string = body.RelayState ? body.RelayState.toString() : '/';
+  const username = attributes.sAMAccountName;
   // get or create user
   let user = await getUserByUsername(username);
 
   // If not create one
   if (!user) {
     user = await createUser(
       username,
-      samlResponse.attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'],
-      samlResponse.attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'],
-      samlResponse.attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress']
+      attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'],
+      attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'],
+      attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress']
     );
   }
 
@@ -74,6 +75,7 @@ export const action = async ({ request }: ActionArgs) => {
     request: request,
     username: username,
     remember: false,
-    redirectTo: '/',
+    // redirectTo: '/',
+    redirectTo: returnTo,
   });
 };

app/saml.server.ts

@@ -3,6 +3,7 @@
 import * as samlify from 'samlify';
 import * as validator from '@authenio/samlify-node-xmllint';
 import { readFileSync } from 'fs';
+import secrets from './lib/secrets.server';
 
 samlify.setSchemaValidator(validator);
 
@@ -28,7 +29,7 @@ const sp = samlify.ServiceProvider({
 
 // Take the metadata stood up by the IDP and use it as the metadata for our IDP object
 const idp = samlify.IdentityProvider({
-  metadata: readFileSync(`${process.env.SAML_IDP_METADATA_FILE}`),
+  metadata: readFileSync(secrets.SAML_IDP_METADATA_FILE),
 });
 
 export function metadata() {

dev-secrets/SAML_IDP_METADATA_FILE

@@ -0,0 +1 @@
+./config/idp-metadata.xml