RelayState Parameter Value for F5 (as IDP) initiated connection to Google Apps/Mail

Question

Hello Experts, &nbsp;
I am trying to create a SAML SSO. Below are the details&nbsp;

F5 is acting as IDP
Google GSuite is acting as SP (we intent to use gmail, drive etc from google with Auth by F5 APM)
When I try IDP initiated connection, i.e. Click on the SAML SSO link published in Webtop, I am getting an error from google, which says "The required response parameter RelayState was missing"
I have not configured any relaystate parameter in F5 under SAML SP Connector configuration. (rather i dont know what to configure) I tried to search a lot but not getting a definitive working parameter to be used as relay state.&nbsp;

Anyone got that working, please let me know how we can get this working or what relay state parameter shall i use when using F5 as IDP and google as SP, and the connection is IDP initiated.&nbsp;

_swo0sh_gt_3084 · Answer

Have you already checked the Deployment guide?
https://www.f5.com/pdf/deployment-guides/saml-idp-saas-dg.pdf&nbsp;

rohit_singla_17 · Answer

No Man, this guide is good, but relay state information is missing, I tried few stuff, but didnt work. looking for exact information for relay state for google apps/ google mail when gsuite is SP. this guide says, relaystate as none :)&nbsp;

keesvandenbos · Answer

have a look at this devcentral post ¬†
Cheers,¬†
Kees¬†

rohit_singla_17 · Answer

Yes, one of my colleague helped me with this and this relay state works&nbsp;
https://www.google.com/a/uti.aucegypt.edu/ServiceLogin\?service=mail&amp;passive=true&amp;rm=false&amp;continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&amp;ss=1&amp;ltmpl=default&amp;ltmplcache=2&amp;emr=1&amp;osid=1&nbsp;
its Very sad that, none of the F5 or the google documents have this mentioned... &nbsp;

jayrob_328285 · Answer

Can you let me know how you added this to the relay state ? Possibly share the irule sanitized of course? &nbsp;
Thanks so much for your comment on this.&nbsp;
This will really help me I have been banging my head for weeks trying to figure this out. &nbsp;
I have tried the layered VS approach and tried to append relay state as a header, I have tried to use a stream profile and re-write the payload, but I am still having difficulties. &nbsp;

Forum Discussion

RelayState Parameter Value for F5 (as IDP) initiated connection to Google Apps/Mail

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

HTTP auth - Calling external API with parameters

DevCentral Connects hosts Capture the Flag!

Troubeshooting website connection

Rebalancing connections

Need Help in iRule to Modify HTTP header parameter.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS