By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

RelayState information required for Workspaces Web

0

I'm experimenting with Workspaces web, using Azure as an IdP. I've followed the guidance here. If I launch the portal by clicking in the web portal endpoint in the management console, everything works: I get prompted for my Azure credentials and everything works as expected. But if I launch the app from my Azure portal (myapps.microsoft.com) I get the message Required String parameter 'RelayState' is not present. I'm not clear where I should be finding the appropriate RelayState information to populate the relevant field in my Azure Enterprise application. This link refers to a registration code - but that seems to be specific to Workspaces, rather than Workspaces Web. Can anybody offer any suggestions?

Topics
End User Computing
Tags
Amazon WorkSpaces Web
Language
English
Rich
asked 5 months ago145 views
2 Answers
0

Hello Team,

I was able to reproduce the issue internally as well however I found a solution for this as below.

You have added the application to the application launcher which you have created for the workspacesWeb however you need to PIN the application as Custom application.

To do that you will need to create a New application and add the Web portal endpoint URL as Single sign-on URL and then you need to pin that application to the application launcher.

To Pin a custom app [1] :

  1. In Azure Active Directory, choose Enterprise applications > New application on the top of the All applications page.
  2. On the Add an application page, choose Non-gallery application or Create your own application if you are in the preview version of Azure Active Directory.
  3. Type a name for the application and then assign user in the Users and groups tab.
  4. Use the Properties tab to upload an icon for the app.
  5. To assign a URL to the app, in the Single sign-on tab, choose Linked and then enter a URL (Web portal endpoint.
  6. Choose Save.

Once done the add the application to the application launcher :

  1. Go to the Microsoft 365 admin center at https://admin.microsoft.com.
  2. In the left navigation, choose Show all, and under Admin centers, choose Azure Active Directory.
  3. In Azure Active Directory, choose Enterprise applications > App launchers > Settings.
  4. In the Microsoft 365 settings section, choose Add application.
  5. Choose the applications which you created above with Web portal endpoint URL and pin to the users' app launcher, and then choose Add.

Once done user can launch this new app which is basically redirecting to the actual workspaces web app.

References:

[1] Pin apps to your users' app launcher: https://learn.microsoft.com/en-us/microsoft-365/admin/manage/pin-apps-to-app-launcher?view=o365-worldwide

Kartik
answered 5 months ago
0

So, if I understand this correctly I do the following:

  1. Create an Enterprise app (let's call it App1) following this guidance: https://docs.aws.amazon.com/workspaces-web/latest/adminguide/azure-idp.html. That sorts out all the SAML/IdP/SSO stuff and gets me to where I was above.
  2. Create a second Enterprise app (call it App2) which calls the web portal url (which then behind the scenes handles all the SAML that has been defined in App1) and pin it to the users app launcher. I've tried this and it seems to work but in my launcher I now see BOTH App1 and App2. Is there a way to suppress the display of App1?

Going back to my initial scenario, with App1 that has no Relay State URL, I've discovered that by populating the "Sign On URL (Optional)" field with the Workspace Web portal URL I seen to get similar results as those achieved following your suggestions.

Rich
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content