[ZBX-17765] SAML Login: User not redirected to relay state page (told they are not logged in) after successful authentication Created: 2020 May 19  Updated: 2020 Jun 23

Status: Need info
Project: ZABBIX BUGS AND ISSUES
Component/s: None
Affects Version/s: 5.0.0
Fix Version/s: None

Type: Incident report Priority: Trivial
Reporter: Chris Assignee: Kristians Pavars
Resolution: Unresolved Votes: 0
Labels: SAML, authentication
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

CentOS 7

Attachments: PNG File Screenshot from 2020-05-18 16-34-35.png     PNG File Screenshot from 2020-05-18 16-37-23.png     PNG File Screenshot from 2020-06-23 11-56-40-scrub.png    

 Description   

**SAML authentication successfully set up through Okta:

Okta Relay State URL: https://zabbix.xxxxxx.org/zabbix.php?action=dashboard.view

User trying to access Zabbix through Okta sees this:

However, I can see that the user has successfully authenticated and Adminstration > Users shows that the user is online.

When the user tries a 2nd time to open Zabbix from Okta they are successfully logged in and redirected to the dashboard (as specified by the Relay State URL).

 

Process repeats when user logs out through Zabbix UI.

 Comments   
Comment by Aigars Kadikis [ 2020 Jun 09 ]

Hello Chris,

Apologize for the long delay. We are putting things together to have a full lab for this.

Please share also a configuration of how you filed the fields and checkboxes at okta.com

 

In general, you need to have "Messages" and "Assertions" checked at both sides.

Please follow guide on https://github.com/catsAND/zabbix-saml

Let us know how the result.

Comment by Chris [ 2020 Jun 23 ]

Okta settings:

I've used the 5.0.0 appliance and implemented SAML exactly as specified by the guide, but still experience the same behavior.

  • Without Relay State set, user is told they must log in the first time launching Zabbix via Okta, but is allowed in the 2nd time.
  • With Relay State set to index_sso.php, user logs directly in to dashboard every time.
Generated at Sun Apr 05 07:35:53 EEST 2026 using Jira 10.3.18#10030018-sha1:5642e4ad348b6c2a83ebdba689d04763a2393cab.