Support Article

SAML SSO fails: Missing Relaystate information in IDP Response

SA-22206

Summary



Identity manager (IDP) initiated SSO login to the Pega application fails in Pega 7.1.9.


Error Messages



Unable to process the SAML WebSSO request : Missing Relaystate information in IDP Response


Steps to Reproduce



1. Configure a SAML Auth profile.
2. Start an IDP-initiated SSO login to the Pega application:

https://your_testserver.com/your_affwebservices/public/saml2sso


Root Cause



A defect or configuration issue in the operating environment. A URL-encoded RelayState property must be specified to tell the Service Provider (Pega) what to do.

Resolution



Perform the following local change:

URL-encode the Pega SSO URL. For example, https://your_pegaserver.com/prweb/sso becomes: https%3A%2F%2Fyour_pegaserver.com%2Fprweb%2Fsso

Then change the SP initiated login URL to:

https://your_testserver.com/your_affwebservices/public/saml2sso&RelayState=https%3A%2F%2Fyour_pegaserver.com%2Fprweb%2Fsso
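
The encoding step above can be scripted. The following is an added example, not Pega's code. It rejects a RelayState that is already encoded (which would be double-encoded) or that points at a host other than the expected Pega server. The function names, the ALLOWED_SP_HOSTS set and the choice to join with "?" when the IDP URL has no query string are assumptions.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Assumption: hosts the Service Provider (Pega) is served from.
# RelayState values pointing anywhere else are refused.
ALLOWED_SP_HOSTS = {"your_pegaserver.com"}


def encode_relay_state(sp_url, allowed_hosts=ALLOWED_SP_HOSTS):
    """Return the percent-encoded RelayState value for an SP landing URL."""
    parts = urlsplit(sp_url)
    # An already-encoded value ("https%3A%2F%2F...") has no scheme once
    # parsed, so this check also prevents double-encoding.
    if parts.scheme != "https":
        raise ValueError("RelayState must be a plain, unencoded https URL")
    if parts.hostname not in allowed_hosts:
        raise ValueError(f"RelayState host {parts.hostname!r} is not an expected SP host")
    # safe="" forces ':' and '/' to be encoded as %3A and %2F.
    return quote(sp_url, safe="")


def idp_initiated_url(idp_sso_url, sp_url, allowed_hosts=ALLOWED_SP_HOSTS):
    """Append RelayState to the IDP SSO URL, replacing any stale value."""
    parts = urlsplit(idp_sso_url)
    # Keep parameters the IDP URL already carries, except an old RelayState.
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != "RelayState"]
    query = urlencode(kept, quote_via=quote, safe="")
    relay = "RelayState=" + encode_relay_state(sp_url, allowed_hosts)
    # Join with '&' only when other parameters precede RelayState.
    query = f"{query}&{relay}" if query else relay
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))


if __name__ == "__main__":
    # Placeholder hosts taken from the article.
    print(idp_initiated_url(
        "https://your_testserver.com/your_affwebservices/public/saml2sso",
        "https://your_pegaserver.com/prweb/sso"))
```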

Published April 21, 2016 - Updated October 8, 2020
