2 Answers
- Newest
- Most votes
- Most comments
0
The error “Invalid relayState from identity provider” usually occurs when there is a mismatch between the RelayState parameter configured in your Identity Provider (IdP) and the one expected by AWS Cognito.
As of February 2024, AWS Cognito does support the IdP initiated flow. If you are using IdP-initiated SAML, you need to update the format of your RelayState.
0
Thanks for your answer. I found a solution: add identity_provider=youridentityproviderid&client_id=yourclientid&redirect_uri=yourredirecturl&response_type=token&scope=openid+email+profile to my Google SAML start URL. The scope in the URL needs to be the same as the AWS Cognito client OpenID Connect scopes.
answered 4 months ago
Relevant content
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 3 years ago