Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Setting up SAML as F5 IDP to work with Amazon Cognito

jdewing
Cirrus
Cirrus

‎23-May-2023 12:56

Has anyone setup F5 SAML to work with Amazon Cognito.  I'm getting error message "Invalid RelayState from Identity Provider".

I tried with different endpoint for Relay State.  No Luck.

 

Local IdP Services
IdP Entity ID: https://test01.caci.com/cognito
 
Assertion Settions:
  • Assertion Subject Type: Persistent Identifier
  • Assertion Subject Value: %{sessionlogon.last.username)
  • Authentication Context Class Reference: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
 
SAML attributes:
 
External SP Connectors Configuration:
Service Provider Entity ID: urn:amazon:cognito:sp:us-gov-west-1_PewQe5b4r
Relay State: ????
Assertion Consumer Services:  https://test01.auth-fips.us-gov-west-1.amazoncognito.com/saml2/idpresponse

Metadata XML file has been uploaded to Amazon Cognitio

 

 

Labels:
3 REPLIES 3

AubreyKingF5
Community Manager
Community Manager

‎12-Jun-2023 08:13

Have you turned logging on and reviewed the auth logs yet?

0 Kudos

KeesvandenBos
MVP
MVP

‎15-Jul-2023 11:11

Hi,

I hope you have insert a dot here: 

  • Assertion Subject Value: %{session.logon.last.username)

For relay state you could add the following variable: %{session.server.landinguri}
Cheers,
Kees

0 Kudos

Leslie_Hubertus
Community Manager
Community Manager

‎17-Jul-2023 13:30

Hi @jdewing  - did the answers from Kees or Aubrey help you out? Are you still looking for a solution? Did you solve it another way?

Copyright © 2023 Khoros, LLC