SAML "Failed to determine the state of the SSO redirect"

0

I have a Grafana account configured that was previously working fine. When I attempted to login recently I am receive a "Failed to determine the state of the SSO redirect" message. Any ideas on what is causing the error and unsuccessful attempts to log into Grafana?

Melly
已提問 2 年前檢視次數 419 次
1 個回答
0

Hello,

Failed to determine the state of the SSO redirect error usually occurs while signing into Amazon Managed Grafana workspace using a SAML IdP. Kindly note, when a user try to login and the authentication is successful at SAML IdP side, the SAML IdP will send a SAML Assertion file to AMG, and AMG will parse the incoming SAML assertion from SAML IdP to use the attributes within the "AttributeStatement" tags for identifying the user access level.

Thus, the above error usually occurs due to :-

  1. Single sign on URL in your IdP is not setup correctly i.e. ACS / Redirect URL is not correct.
  2. SAML Assertion Response received from IdP do not contain the required attributes
  3. SAML Assertion Response not following UTF-8
  4. SAML IdP's certificate expired

As you already mentioned that the setup was working fine previously but started throwing the errors recently. It could be possible due to SAML IdP's certificate expired. However, it is also possible that the SAML IdP application might have been modified.

Thus, please verify your SAML IdP setup according to SAML Setup documentation, and also ensure the certificate is not expired.

If the suggestions above do not help resolve the issue, we might need to troubleshoot based on your configurations. Could you please create a support case, so we may discuss details on your resource configurations?

Please do not post any sensitive information over re:Post since this is a public platform.

As always, feel free to reach back with any further questions or concerns in the meantime!

AWS
支援工程師
已回答 2 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南