How to make a saml request with php / fusionauth?

Hi we have our own login page (not fusionauth hosted) with a button "Login with SAML". Once the user clicks this page we do this https://fusionauth.io/docs/v1/tech/apis/identity-providers/samlv2#start-a-saml-v2-login-request which returns a code.

The next step in the docs say to do this: https://fusionauth.io/docs/v1/tech/apis/identity-providers/samlv2#complete-a-saml-v2-login but is there a step missing before this? Don't we have to redirect the user to the idp's login page and pass the saml request with the returned code? How do we make this request? This step isn't documented. Is there a fusionauth function or api endpoint that we call that does this redirection and saml request creation for us?

Hi.

I was reading the idp setup doc and realized this linking strategy isn't there anymore in the identity provider edit settings

We need this to restrict users from being created on fusionauth if they were not already on fusionauth after logging in from a sso idp, like okta idp for e.x.

Why was this setting removed? How do I apply this to my application now?

Hi. In our tenant, users have the option to use "Login with SSO/external idp" button or login with fusionauth normal login page.

We would like to show the user a different UI if they logged in with SSO on our site (not fusionauth hosted pages, our own site).

I see in the User's sessions tab, there's a "Single Sign-on" attribute.
1) Is this the right way to get this information? And if so, how do we do this via api? I couldn't find it in the docs.
2) How do we get via api WHAT external idp the user registered with?

Thanks so much for the help!

How do we retrieve whether an application supports logging in with external idp using the fusionauth api? i.e: sso.

We have dedicated login pages on our site oursite.com for each company, and on each of these, there may or may not be a "Login with your external idp" button.
How do we retrieve this information from the fusionauth api?

Right now we're trying to setup an external idp samlv2 connection from okta to our application in fusionauth to support sso for our client.

We followed all the instructions here: https://fusionauth.io/docs/v1/tech/identity-providers/samlv2-idp-initiated/okta

After the user logs in using the okta login page, they get redirected to our fusionauth page but this shows up:

After clicking the "Register" button, it redirects to this page

The login looks successful, just the response handler url seems wrong?

1. Where is this setting set? Response handler should be venngage.fusionauth.io instead of local.fusionauth.io

2. How do we capture the authenticated response on our own login handler (oursite.com/samlv2/login) and link the external IDP user to a new user on fusionauth without having to ask for the first/last name? Are we supposed to be using SAML v2 instead of SAML v2 Initiated?
   The desired flow should be:

• First, user logins on okta sso login
• Next, user is redirected to fusionauth which creates the user automatically on fusionauth with okta first/last name.
• Next, redirects to our hosted login handler: e.x: oursite.com/samlv2/login which takes in the authentication response and user information for our site's registration.