SAML "Failed to determine the state of the SSO redirect"

0

I have a Grafana account configured that was previously working fine. When I attempted to login recently I am receive a "Failed to determine the state of the SSO redirect" message. Any ideas on what is causing the error and unsuccessful attempts to log into Grafana?

Melly
已提问 2 年前419 查看次数
1 回答
0

Hello,

Failed to determine the state of the SSO redirect error usually occurs while signing into Amazon Managed Grafana workspace using a SAML IdP. Kindly note, when a user try to login and the authentication is successful at SAML IdP side, the SAML IdP will send a SAML Assertion file to AMG, and AMG will parse the incoming SAML assertion from SAML IdP to use the attributes within the "AttributeStatement" tags for identifying the user access level.

Thus, the above error usually occurs due to :-

  1. Single sign on URL in your IdP is not setup correctly i.e. ACS / Redirect URL is not correct.
  2. SAML Assertion Response received from IdP do not contain the required attributes
  3. SAML Assertion Response not following UTF-8
  4. SAML IdP's certificate expired

As you already mentioned that the setup was working fine previously but started throwing the errors recently. It could be possible due to SAML IdP's certificate expired. However, it is also possible that the SAML IdP application might have been modified.

Thus, please verify your SAML IdP setup according to SAML Setup documentation, and also ensure the certificate is not expired.

If the suggestions above do not help resolve the issue, we might need to troubleshoot based on your configurations. Could you please create a support case, so we may discuss details on your resource configurations?

Please do not post any sensitive information over re:Post since this is a public platform.

As always, feel free to reach back with any further questions or concerns in the meantime!

AWS
支持工程师
已回答 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容