Salesforce is upgrading its SAML framework as part of regular maintenance. This update can affect integrations with third-party systems, such as integrations with SAML identity providers and SAML-enabled applications. This update applies to all SAML-based integrations, including Identity for Employees and Salesforce Customer Identity, including Experience Cloud. This update was first made available in Summer ’22.
Where: This change applies to Lightning Experience and Salesforce Classic in all editions.
When: Salesforce enforces this update in Spring ’23. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.
Why: This maintenance update improves your security posture and can increase the platform’s performance. Some single sign-on (SSO) URLs are now encoded. For service provider-initiated SSO, the Identity Provider URL and Assertion Consumer Service (ACS) URL are encoded. For all single logout configurations, the Single Logout Endpoint and relay state parameter are encoded. All existing SAML-based integrations can be affected.
How: Because Salesforce uses SAML to integrate with third-party systems, this upgrade can break integrations on the third party’s side. To avoid disruptions, apply this release update and test your SAML integrations.
Upgrade SAML Single Sign-On Framework (Release Update) (salesforce.com)