[IGN-2502] Azure SSO identity provider error: Relay state is empty

Hello, I’ve run into an error setting up Azure as an Identity provider for SSO. When I try to launch Ignition from Microsoft MyApps, I get this error:

https://ignition.myCompany.com:8043/data/federate/callback/saml
404 Bad Request
Unable to parse relay state

com.inductiveautomation.ignition.gateway.auth.web.strategy.WebAuthStrategyAdapterException: RelayState is empty
at com.inductiveautomation.ignition.gateway.auth.web.strategy.saml.SAMLWebAuthStrategyAdapter.lambda$parseState$0(SAMLWebAuthStrategyAdapter.java:393)

  • When I test the Azure connection under Identity Providers, I get a valid SAML response and I’ve mapped the user attributes (except roles).
  • I’ve set up SSL and HTTPS URLs work.
  • I’m using HTTP_POST for my SSO Service Binding.

Do I need to set up a Relay State somewhere?

Version 8.1.2
Web browser: Firefox or Chrome on Windows 10
Only a single gateway

Ignition does not yet support IdP-initiated SSO. We do have an internal ticket tracking this feature, and I’ll link it to this thread.

For now, users will have to log into your IdP by navigating to Ignition first and initiating the login from there (SP-initiated SSO).
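As an added illustration of the SP-initiated versus IdP-initiated distinction in the reply above (not code from Ignition or from anyone in this thread): a diagnostic that takes a captured HTTP-POST binding callback body and reports whether the SAML response is unsolicited, which SAML 2.0 marks by the absence of `InResponseTo`, and whether `RelayState` arrived empty. The function names and sample values are constructed for the example, and it performs no signature validation.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def classify_saml_post(form_body: str) -> dict:
    """Classify a form-encoded SAML callback body as SP- or IdP-initiated."""
    # keep_blank_values so "RelayState=" is seen as present but empty
    fields = parse_qs(form_body, keep_blank_values=True)
    relay_state = fields.get("RelayState", [""])[0]
    raw = fields.get("SAMLResponse", [""])[0]
    if not raw:
        raise ValueError("no SAMLResponse field in POST body")
    xml_bytes = base64.b64decode(raw, validate=True)
    # Captured responses are untrusted input: refuse DTDs before parsing
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError(f"unexpected root element {root.tag}")
    # An SP-initiated response echoes the AuthnRequest ID in InResponseTo;
    # an unsolicited (IdP-initiated) response carries no such attribute.
    in_response_to = root.get("InResponseTo")
    return {
        "flow": "sp-initiated" if in_response_to else "idp-initiated",
        "in_response_to": in_response_to,
        "relay_state_present": bool(relay_state),
    }

def sample_post(in_response_to, relay_state):
    """Build a constructed callback body (sample data, not a real capture)."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP_NS}" '
           f'ID="_constructed" Version="2.0"{attr}/>')
    return urlencode({
        "SAMLResponse": base64.b64encode(xml.encode()).decode(),
        "RelayState": relay_state,
    })

if __name__ == "__main__":
    # Launch from an IdP portal tile: no AuthnRequest, so nothing to echo back
    print(classify_saml_post(sample_post(None, "")))
    # Login started at the service provider: request ID and state come back
    print(classify_saml_post(sample_post("_req-constructed-1", "state-token")))
```

A result of `idp-initiated` with `relay_state_present` false matches the launch-from-portal case described in this thread.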

Thanks for the response! I have got SSO to work from Ignition directly, so that will work.

I'm interested in the functionality in Okta.