jdewing
May 23, 2023

Setting up SAML as F5 IDP to work with Amazon Cognito

Has anyone set up F5 SAML to work with Amazon Cognito? I'm getting the error message "Invalid RelayState from Identity Provider".

I tried different endpoints for Relay State. No luck.


Local IdP Services
Assertion Settings:
  • Assertion Subject Type: Persistent Identifier
  • Assertion Subject Value: %{sessionlogon.last.username)
  • Authentication Context Class Reference: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
SAML attributes:
External SP Connectors Configuration:
Service Provider Entity ID: urn:amazon:cognito:sp:us-gov-west-1_PewQe5b4r
Relay State: ????

The metadata XML file has been uploaded to Amazon Cognito.



3 Replies

  • Hi jdewing  - did the answers from Kees or Aubrey help you out? Are you still looking for a solution? Did you solve it another way?

  • Hi,

    I hope you have inserted a dot here:

    • Assertion Subject Value: %{session.logon.last.username}

    For relay state you could add the following variable: %{session.server.landinguri}
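
A small lint check for the session-variable references discussed in this thread, added here as an example and not part of any post or of F5's tooling. The `%{name}` syntax rule, the `session.` name prefix and the function names are assumptions made for illustration.

```python
import re

# Assumption (not from F5 documentation quoted in this thread): a session
# variable reference is written %{name}, with a dot-separated name that
# begins with "session.".
NAME_RE = re.compile(r"session(\.[A-Za-z0-9_-]+)+")

def lint_value(value):
    """Return a list of problems found in one configuration value."""
    problems, pos = [], 0
    while (start := value.find("%{", pos)) != -1:
        end = value.find("}", start + 2)
        if end == -1:
            problems.append("reference opened with %{ is never closed with }")
            # Recover the intended name up to the first non-name character.
            name = re.match(r"[A-Za-z0-9_.-]*", value[start + 2:]).group(0)
            pos = len(value)
        else:
            name, pos = value[start + 2:end], end + 1
        if not NAME_RE.fullmatch(name):
            problems.append(f"unexpected variable name {name!r}")
    if value and set(value) <= {"?"}:
        problems.append("placeholder left in place of a value")
    return problems

def lint_settings(text):
    """Map each 'Key: value' line that has problems to its problem list."""
    report = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and (found := lint_value(value.strip())):
            report[key.strip()] = found
    return report

# Constructed samples: the values as posted in the question, then with the
# dot inserted, the brace closed and the suggested relay-state variable set.
POSTED = """Assertion Subject Value: %{sessionlogon.last.username)
Relay State: ????"""
FIXED = """Assertion Subject Value: %{session.logon.last.username}
Relay State: %{session.server.landinguri}"""

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_settings(text) or "no problems found")
```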