KNOWLEDGE BASE

Error "SAML protocol parameter 'RelayState' was not found or not valid" Using ADFS SAML with Mobile app


Published: 10 Oct 2014
Last Modified Date: 24 Oct 2017

Issue

When using the Tableau Mobile app to log in to Tableau Server using ADFS SAML authentication, the following errors might occur:

MSIS7046: The SAML protocol parameter 'RelayState' was not found or not valid. If the context was stored in cookies, the cookies that were presented by the client were not valid. Ensure that the client browser is configured to accept cookies from this website and retry this request.

Or:
 
Expected at least 2 (SAMLRequest and ProtocolBinding) context parts. Received context parts: 1

Or:
 
An error occurred. Contact your administrator for more information.  Error details
 
Activity ID: 00000000-0000-0000-c32d-00800000005e
Relying party: XXXX
Error time: <Date> <Time>
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 6.3;WOW64)
AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/38.0.2125.111 Safari/537.36

Environment

  • Tableau Server
  • Safari for iOS
  • Tableau Mobile app 

Resolution

Option 1

Use Tableau Mobile 10.1 and newer versions. This behavior is related to a known Defect 437740 that has been fixed in the release 10.1 of Tableau Mobile.  

Option 2

Using Tableau server 9.1.10 or a later version, please follow the steps below after the installation occurred:
  1. tabadmin stop
  2. tabadmin set wgserver.saml.signrequests false
  3. tabadmin configure
  4. run tabconfig.exe (Tableau Server Configuration Utility), and in the SAML tab, export the metadata file.
  5. Edit (or delete and re-add) the relying party trust in ADFS using the metadata file from step 4
  6. Cancel out of tabconfig.exe. (You can save the changes but there is no need.)
  7. tabadmin start

Option 3

Use Mozilla Firefox or Google Chrome instead. 

Cause

iOS and OS X browsers, such as Safari on a mobile and desktop device, truncate cookies larger than 4KB, which are required by Microsoft ADFS.  ADFS is not able to use the request because vitals parts are missing (such as all or part of the Relay State).  The Tableau Mobile App is also affected. 
Did this article resolve the issue?