Integrating Google Workspace with AWS Cognito for SAML Login: "relayState from identity provider"


Hi everyone,

I'm currently facing an issue with integrating Google Workspace with AWS Cognito. My goal is to deploy an application where only users from my Google Workspace organization can log in. Here's what I've done so far: In the Google Workspace Admin Panel, I created a SAML app. In AWS Cognito, I added this SAML app as an identity provider.

However, when I attempt to log in, I encounter the following error: "Invalid relayState from identity provider."

Has anybody else faced this problem? I've come across many posts about integrating Google with Cognito, but my specific requirement is to ensure that only email addresses from my company's domain are able to log in through the Cognito user pool.

Any advice or insights would be greatly appreciated!

Thank you in advance for your help!

2 answers

The error “Invalid relayState from identity provider” usually occurs when there is a mismatch between the RelayState parameter configured in your Identity Provider (IdP) and the one expected by AWS Cognito.

As of February 2024, AWS Cognito does support the IdP initiated flow. If you are using IdP-initiated SAML, you need to update the format of your RelayState.

Ref: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation.html#cognito-user-pools-SAML-session-initiation-idp-initiation

Expert
Answered 6 months ago

Thanks for your answer. I found a solution: add identity_provider=youridentityproviderid&client_id=yourclientid&redirect_uri=yourredirecturl&response_type=token&scope=openid+email+profile to my Google SAML start URL. The scope in the URL needs to be the same as the AWS Cognito client OpenID Connect scopes.

Answered 6 months ago
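Worked example, added here and not from the original thread: a small Python helper that assembles the parameter string the second answer appends to the Google SAML start URL (which reaches Cognito as the SAML RelayState) and checks it against the app client's registered callback URLs and enabled OpenID Connect scopes before use, the kind of mismatch the first answer describes. The app client settings, identity provider name and URLs are constructed placeholders, not values from the thread.

```python
from urllib.parse import parse_qs, urlencode

# Hypothetical app client settings, constructed for this example. In practice
# take them from the Cognito app client (callback URLs, OIDC scopes).
APP_CLIENT = {
    "client_id": "EXAMPLE_CLIENT_ID",
    "callback_urls": {"https://app.example.com/callback"},
    "allowed_scopes": {"openid", "email", "profile"},
}

REQUIRED_KEYS = ("identity_provider", "client_id", "redirect_uri",
                 "response_type", "scope")


def build_relay_state(identity_provider, redirect_uri, scopes, app_client,
                      response_type="code"):
    """Build the RelayState query string for Cognito IdP-initiated SAML sign-in.

    Raises ValueError when a value would not match the app client, which is the
    kind of mismatch behind "Invalid relayState from identity provider".
    """
    if response_type not in ("code", "token"):
        raise ValueError(f"unsupported response_type: {response_type}")
    if redirect_uri not in app_client["callback_urls"]:
        raise ValueError(f"redirect_uri not registered on app client: {redirect_uri}")
    unknown = set(scopes) - app_client["allowed_scopes"]
    if unknown:
        raise ValueError(f"scopes not enabled on app client: {sorted(unknown)}")
    params = [
        ("identity_provider", identity_provider),
        ("client_id", app_client["client_id"]),
        ("redirect_uri", redirect_uri),
        ("response_type", response_type),
        ("scope", " ".join(scopes)),  # urlencode turns the spaces into '+'
    ]
    return urlencode(params)


def parse_relay_state(relay_state):
    """Decode a RelayState string and check every key Cognito needs is present."""
    fields = {k: v[0] for k, v in parse_qs(relay_state, keep_blank_values=True).items()}
    missing = [k for k in REQUIRED_KEYS if not fields.get(k)]
    if missing:
        raise ValueError(f"RelayState missing required keys: {missing}")
    fields["scope"] = fields["scope"].split()
    return fields


if __name__ == "__main__":
    rs = build_relay_state("GoogleWorkspace", "https://app.example.com/callback",
                           ["openid", "email", "profile"], APP_CLIENT,
                           response_type="token")
    print(rs)
    print(parse_relay_state(rs))
```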
