I am using OneLogin as the IdP and AWS Cognito as the SP. SP-initiated login works fine. But when I click on App Portal / Home -> on my application, it redirects to Cognito with the error prompt "Invalid relayState from identity provider". I checked that the relay state parameter in the OneLogin configuration is correct, like https://***:81/login, which is our login page URL.
Amazon Cognito doesn't support IdP-initiated SSO. Amazon Cognito can't verify that it has solicited the SAML response that it receives unless Amazon Cognito initiates authentication with a SAML request.
With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control). You can use identity pools to create unique identities for users and give them access to other AWS services.
Cognito only supports the SP-initiated flow.
So the flow must go Cognito authorize endpoint -> IdP -> back to Cognito.