add custom handler for IDP initiated authentication

see: https://medium.com/@usamashaikh47/enable-sso-in-sap-commerce-cloud-backoffice-with-okta-48f17fc69ff1

core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/external-dependencies.xml

@@ -6,6 +6,11 @@
 	<version>4.1.1</version>
 	<packaging>jar</packaging>
 	<dependencies>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-saml2-service-provider</artifactId>
+			<version>5.6.1</version>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-oauth2-core</artifactId>

core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/project.properties

@@ -4,6 +4,7 @@
 
 # Location of the file for the global platform spring application context
 sapcxsinglesignon.application-context=sapcxsinglesignon-spring.xml
+samlsinglesignon.additionalWebSpringConfigs.sapcxsinglesignon=classpath:/sapcxsinglesignon/web/spring/idp-initiated-login-spring.xml
 
 ##############################################################################
 # General settings
@@ -25,6 +26,8 @@ sapcxsinglesignon.filter.idp.issuer=
 sapcxsinglesignon.filter.idp.audience=
 sapcxsinglesignon.filter.idp.claim.id=email
 
+sapcxsinglesignon.backoffice.defaulturl=/
+
 sapcxsinglesignon.replicate.creation.enabled=false
 sapcxsinglesignon.replicate.removal.enabled=false
 

core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/resources/sapcxsinglesignon/web/spring/idp-initiated-login-spring.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+    <bean id="cxIdpInitiatedSamlAuthenticationSuccessHandler" class="tools.sapcx.commerce.sso.saml.IdpInitiatedSamlAuthenticationSuccessHandler">
+        <property name="defaultTargetUrl" value="${sapcxsinglesignon.backoffice.defaulturl}"/>
+    </bean>
+</beans>

core-customize/hybris/bin/custom/sapcxtools/sapcxsinglesignon/src/tools/sapcx/commerce/sso/saml/IdpInitiatedSamlAuthenticationSuccessHandler.java

@@ -0,0 +1,31 @@
+package tools.sapcx.commerce.sso.saml;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+
+public class IdpInitiatedSamlAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
+	private static final Logger LOG = LoggerFactory.getLogger(IdpInitiatedSamlAuthenticationSuccessHandler.class);
+
+	@Override
+	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
+		if (authentication instanceof Saml2Authentication) {
+			String relayStateURL = request.getParameter("RelayState");
+			if (StringUtils.isNotBlank(relayStateURL)) {
+				LOG.debug("Redirecting to RelayState Url: " + relayStateURL);
+				getRedirectStrategy().sendRedirect(request, response, relayStateURL);
+				return;
+			}
+		}
+		super.onAuthenticationSuccess(request, response, authentication);
+	}
+}