Hello @Eduardo Bravo Casas
Thank you for posting your query on Microsoft Q&A.
In the case of SP-Initiated flow, the application constructs the authentication request along with the redirect_uri parameter and sends the request to the IDP. The IDP then verifies that the URL specified in the 'redirect_uri' parameter matches the Reply URL registered in the application whose client_id is supplied in the request. If both these URLs match, the token is posted to the 'redirect_uri' after successful authentication. At this point, the authentication flow is considered completed and the state parameter is not preserved. So, overriding the Redirect URI and preserving the State parameter is not possible.
So, at this point there is an open session after authentication is complete, and the XML file you created in the custom policy will come into the picture. After authentication, there are two stages.
In the first stage, you have your old password, and you wish to change it. In this case, you must enter your old and new passwords, and you will proceed with the same session page; it is not possible to redirect the session or the page to a different page after the password has been reset.
Stage 2: if you forget your password, it will ask for your mobile verification to verify your identity. Once your identity has been verified using any authentication method, it will ask for a new password, create a new session page, and ask you to log in to the application using the new password.
The redirection of the page to the site where the custom policy was invoked after the successful password reset is not possible.
I hope this clarifies things. Please contact us if you have any additional questions.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Best regards,
Sakshi Devkante
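
The redirect_uri check described in the answer above, as an added example that is not part of the original answer and not Microsoft's code. It is a simplified model: the client_id, Reply URL, endpoint and function names are constructed, and exact string comparison against the registered Reply URLs is an assumption of this sketch.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed registration data (hypothetical client_id and Reply URL).
REGISTERED_REPLY_URLS = {
    "00000000-0000-0000-0000-000000000001": {"https://app.example.com/signin-oidc"},
}

class AuthRequestRejected(Exception):
    """Raised when the request must not be answered with a token."""

def build_auth_request(authorize_endpoint, client_id, redirect_uri):
    """SP side: construct the authentication request sent to the IDP."""
    params = {"client_id": client_id, "scope": "openid", "redirect_uri": redirect_uri}
    return authorize_endpoint + "?" + urlencode(params)

def resolve_reply_url(request_url, registry=REGISTERED_REPLY_URLS):
    """IDP side: return the URL the token may be posted to, or raise."""
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    values = {}
    for name in ("client_id", "redirect_uri"):
        found = query.get(name, [])
        # Missing or repeated parameters are rejected rather than guessed at.
        if len(found) != 1:
            raise AuthRequestRejected(f"{name} must appear exactly once")
        values[name] = found[0]
    registered = registry.get(values["client_id"])
    if registered is None:
        raise AuthRequestRejected("unknown client_id")
    # Assumption: exact match only, so a longer path or another host fails.
    if values["redirect_uri"] not in registered:
        raise AuthRequestRejected("redirect_uri does not match a registered Reply URL")
    return values["redirect_uri"]

if __name__ == "__main__":
    endpoint = "https://idp.example.com/authorize"  # hypothetical endpoint
    cid = "00000000-0000-0000-0000-000000000001"
    for uri in ("https://app.example.com/signin-oidc",
                "https://app.example.com/signin-oidc/extra",
                "https://other.example.net/signin-oidc"):
        try:
            print("post token to", resolve_reply_url(build_auth_request(endpoint, cid, uri)))
        except AuthRequestRejected as err:
            print("rejected:", uri, "-", err)
```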