KNOWLEDGE BASE

Error "SAML protocol parameter 'RelayState' was not found or not valid" Using ADFS SAML with Mobile app


Published: 10 Oct 2014
Last Modified Date: 23 Jan 2020

Issue

When using the Tableau Mobile app to log in to Tableau Server using ADFS SAML authentication, the following errors might occur:

MSIS7046: The SAML protocol parameter 'RelayState' was not found or not valid. If the context was stored in cookies, the cookies that were presented by the client were not valid. Ensure that the client browser is configured to accept cookies from this website and retry this request.

Or:
 
Expected at least 2 (SAMLRequest and ProtocolBinding) context parts. Received context parts: 1

Or:
 
An error occurred. Contact your administrator for more information.  Error details
 
Activity ID: 00000000-0000-0000-c32d-00800000005e
Relying party: XXXX
Error time: <Date> <Time>
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 6.3;WOW64)
AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/38.0.2125.111 Safari/537.36

Environment

  • Tableau Server
  • Safari for iOS
  • Tableau Mobile app 

Resolution

Option 1

Using Tableau Server, please follow the steps below after the installation occurred:

Note: for Tableau Server version 2018.2 or newer versions, please use the tsm commands. For Tableau Server version 2018.1 or older versions, please use the tabadmin commands. For more information, see the following topics in Tableau Help: Comparing Functionality of tabadmin and TSM and Migrate from Tabadmin to the TSM CLI;

TSM () = tsm configuration set -k wgserver.saml.signrequests -v false
TabAdmin () = tabadmin set  wgserver.saml.signrequests false
  1. Stop Tableau Server
    • tabadmin stop
    • tsm stop
  2. Configure wgserver.saml.signrequests
    • tsm configuration set -k wgserver.saml.signrequests -v false
    • Tabadmin commands 
      1. tabadmin set wgserver.saml.signrequests false
      2. tabadmin configure
  3. run tabconfig.exe (Tableau Server Configuration Utility), and in the SAML tab, export the metadata file.
  4. Edit (or delete and re-add) the relying party trust in ADFS using the metadata file from step 4
  5. Cancel out of tabconfig.exe. (You can save the changes but there is no need.)
  6. Start Tableau Server
    • tabadmin start
    • tsm start

Option 2

Use Mozilla Firefox or Google Chrome instead. 

Cause

iOS and OS X browsers, such as Safari on a mobile and desktop device, truncate cookies larger than 4KB, which are required by Microsoft ADFS. ADFS is not able to use the request because vitals parts are missing (such as all or part of the Relay State).  The Tableau Mobile App is also affected. 
Did this article resolve the issue?