Forum Discussion
Setting up SAML as F5 IDP to work with Amazon Cognito
Has anyone set up F5 SAML to work with Amazon Cognito? I'm getting the error message "Invalid RelayState from Identity Provider".
I tried different endpoints for Relay State. No luck.
- Assertion Subject Type: Persistent Identifier
- Assertion Subject Value: %{sessionlogon.last.username)
- Authentication Context Class Reference: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Values: %{session.ldap.last.attr.userPrincipalName}
The metadata XML file has been uploaded to Amazon Cognito.
- Leslie_Hubertus (Ret. Employee)
Hi jdewing - did the answers from Kees or Aubrey help you out? Are you still looking for a solution? Did you solve it another way?
- AubreyKingF5Moderator
Have you turned logging on and reviewed the auth logs yet?
Hi,
I hope you have inserted a dot here: Assertion Subject Value: %{session.logon.last.username)
For relay state you could add the following variable: %{session.server.landinguri}
Cheers,
Kees