https://community.esri.com/t5/arcgis-online-questions/relaystate-error-using-ad-fs-3-for-enterprise/m-p/248719#M12206 <HTML><HEAD></HEAD><BODY><P><BR />We recently encountered an error where iOS devices were failing to log into a newly set up AD FS endpoint with a rather cryptic error: "The required parameter RelayState was missing or invalid".&nbsp; The error was appearing in the AD FS event logs on the window server.</P><P></P><P>It appears that this error is usually caused by the SAML cookies exceeding the 4kb cookie limit , which results in a truncated cookie being sent to the endpoint, which is certainly invalid.</P><P></P><P><A href="https://social.msdn.microsoft.com/Forums/vstudio/en-US/af0ac0c0-fdc8-42aa-91f5-945a29eec333/adfs-20-web-sso-not-working-in-current-versions-of-safari-for-windows-or-ios" title="https://social.msdn.microsoft.com/Forums/vstudio/en-US/af0ac0c0-fdc8-42aa-91f5-945a29eec333/adfs-20-web-sso-not-working-in-current-versions-of-safari-for-windows-or-ios">ADFS 2.0 Web SSO not working in current versions of Safari for Windows or iOS</A></P><P></P><P>It turned out that the workaround to the problem was to <STRONG>uncheck </STRONG>the settings under Enterprise Login advanced settings</P><UL><LI>Encrypt Assertion</LI><LI>Enable Signed Request</LI><LI>Propagate logout to Identity Provider</LI></UL><P></P><P><SPAN style="color: #444444; font-family: Verdana, Helvetica, sans-serif; font-size: 12px;">For some reason, enabling all of these options resulted in cookies that were too large and caused the failures.&nbsp; Hopefully this information can help others who run into the same issue.</SPAN></P></BODY></HTML> Tue, 29 Mar 2016 20:53:39 GMT LucasScharenbroich 2016-03-29T20:53:39Z https://community.esri.com/t5/arcgis-online-questions/relaystate-error-using-ad-fs-3-for-enterprise/m-p/248719#M12206 <HTML><HEAD></HEAD><BODY><P><BR />We recently encountered an error where iOS devices were failing to log into a newly set up AD FS endpoint with a rather cryptic error: "The required parameter RelayState was missing or invalid".&nbsp; The error was appearing in the AD FS event logs on the window server.</P><P></P><P>It appears that this error is usually caused by the SAML cookies exceeding the 4kb cookie limit , which results in a truncated cookie being sent to the endpoint, which is certainly invalid.</P><P></P><P><A href="https://social.msdn.microsoft.com/Forums/vstudio/en-US/af0ac0c0-fdc8-42aa-91f5-945a29eec333/adfs-20-web-sso-not-working-in-current-versions-of-safari-for-windows-or-ios" title="https://social.msdn.microsoft.com/Forums/vstudio/en-US/af0ac0c0-fdc8-42aa-91f5-945a29eec333/adfs-20-web-sso-not-working-in-current-versions-of-safari-for-windows-or-ios">ADFS 2.0 Web SSO not working in current versions of Safari for Windows or iOS</A></P><P></P><P>It turned out that the workaround to the problem was to <STRONG>uncheck </STRONG>the settings under Enterprise Login advanced settings</P><UL><LI>Encrypt Assertion</LI><LI>Enable Signed Request</LI><LI>Propagate logout to Identity Provider</LI></UL><P></P><P><SPAN style="color: #444444; font-family: Verdana, Helvetica, sans-serif; font-size: 12px;">For some reason, enabling all of these options resulted in cookies that were too large and caused the failures.&nbsp; Hopefully this information can help others who run into the same issue.</SPAN></P></BODY></HTML> Tue, 29 Mar 2016 20:53:39 GMT https://community.esri.com/t5/arcgis-online-questions/relaystate-error-using-ad-fs-3-for-enterprise/m-p/248719#M12206 LucasScharenbroich 2016-03-29T20:53:39Z