Forum Discussion
jdewing
Cirrus
CirrusSetting up SAML as F5 IDP to work with Amazon Cognito
Has anyone setup F5 SAML to work with Amazon Cognito. I'm getting error message "Invalid RelayState from Identity Provider".
I tried with different endpoint for Relay State. No Luck.
Local IdP Services
IdP Entity ID: https://test01.caci.com/cognito
Assertion Settions:
- Assertion Subject Type: Persistent Identifier
- Assertion Subject Value: %{sessionlogon.last.username)
- Authentication Context Class Reference: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
SAML attributes:
- Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Values: %{session.ldap.last.attr.userPrincipalName}
External SP Connectors Configuration:
Service Provider Entity ID: urn:amazon:cognito:sp:us-gov-west-1_PewQe5b4r
Relay State: ????
Assertion Consumer Services: https://test01.auth-fips.us-gov-west-1.amazoncognito.com/saml2/idpresponse
Metadata XML file has been uploaded to Amazon Cognitio
Hi jdewing - did the answers from Kees or Aubrey help you out? Are you still looking for a solution? Did you solve it another way?
- AubreyKingF5
Moderator
Have you turned logging on and reviewed the auth logs yet?
Hi,
I hope you have insert a dot here:- Assertion Subject Value: %{session.logon.last.username)
For relay state you could add the following variable: %{session.server.landinguri}
Cheers,
Kees
