[IGN-2502] Azure SSO identity provider error: Relay state is empty

Hello, I’ve run into an error setting up Azure as an Identity provider for SSO. When I try to launch Ignition from Microsoft MyApps, I get this error:

404 Bad Request
Unable to parse relay state

com.inductiveautomation.ignition.gateway.auth.web.strategy.WebAuthStrategyAdapterException: RelayState is empty
at com.inductiveautomation.ignition.gateway.auth.web.strategy.saml.SAMLWebAuthStrategyAdapter.lambda$parseState$0(SAMLWebAuthStrategyAdapter.java:393)

  • When I test the Azure connection under Identity Providers, I get a valid saml response and I’ve mapped the user attributes (except roles).
  • I’ve setup SSL and HTTPS URLs work.
  • I’m using HTTP_POST for my SSO Service Binding

Do I need to setup a Relay State somewhere?

Version 8.1.2
Web browser: Firefox or Chrome on Windows 10
Only a single gateway

Ignition does not yet support IdP-initiated SSO. We do have an internal ticket tracking this feature, and I’ll link it to this thread.

For now, users will have to log into your IdP by navigating to Ignition first and initiating the login from there (SP-initiated SSO).

Thanks for the response! I have have got SSO to work from Ignition directly, so that will work.

I'm interesting for the functionality in OKTA.