Has anyone setup F5 SAML to work with Amazon Cognito.  I'm getting error message "Invalid RelayState from Identity Provider".

I tried with different endpoint for Relay State.  No Luck.

• Assertion Subject Type: Persistent Identifier
• Assertion Subject Value: %{sessionlogon.last.username)
• Authentication Context Class Reference: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

• Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
• Values: %{session.ldap.last.attr.userPrincipalName}

Metadata XML file has been uploaded to Amazon Cognitio