Can't login, SAML authentication is failing with bad link or unhandled URL

Question 

I was able to login previously but now I get an error.

mceclip1.png

Under Single Sign On URL I have something like:
https://ident.mycompany.org/idpssoinit?metaAlias=/company/idp&RelayState=12345&spEntityID=https%3A%2F%2Fmycompany.hosted.xmatters.com

Environment

  • All versions of xMatters
  • SAML authentication

Answer

Your SAML configuration appears to be correct, however you are getting a message that indicate a bad URL is being submitted. 

Recently we enabled a feature to support the RelayState parameter in a login URL. We did not support RelayState previously so up until this change we were ignoring the parameter.
If you are encountering this issue, you may be sending us an invalid RelayState.  RelayState can be configured in the SAML configuration page in the xMatters Web UI or is configured by your Identity Provider (IDP)
If possible, please try the following if you are seeing issues:
  1. Remove the RelayState parameter from the SAML configuration
    mceclip0.png
  2. Try setting the relay state to app.do (for example - change RelayState=12345 in the example above to RelayState=app.do
If your IDP requires a RelayState:
  • See if it is possible to not send the RelayState when connecting to xMatters (this configuration should be possible on the IDP side). Since this may differ between IDP providers please check your documentation on steps to control the RelayState.
  • Set ReadyState to RelayState=app.do

If you still require help please contact xMatters Customer Support

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.