Google's SAML ACS requires RelayState parameter

I am setting up Cloudflare Access for my organization. We are using JumpCloud as our IdP. I have configured Google as an application within Access (with Cloudflare as the IdP), and if I initiate the SSO process via visiting a Google service first, then I get redirected through Access to JumpCloud and back again as expected.

However, if I try to initiate access to Google from the Cloudflare App Access Launcher, Google responds with “The required response parameter RelayState was missing.”

While I thought that RelayState was an optional parameter, Google seems to want it and Cloudflare isn’t sending it in this particular Cloudflare-initiated flow.

Am I missing something in my setup, or is this a bug?

At this time, relay state for IdP-initiated flows is not supported, but we are working on adding this functionality.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.