How do I resolve the error "Required String parameter 'RelayState' is not present" when logging in to Panther via OneLogin or Okta?

Issue

When trying to log in to the Panther Console using OneLogin or Okta SSO, it gives the error like Invalid RelayState or Required String parameter 'RelayState' is not present.

Resolution

When configuring Single Sign-On (SSO) using OneLogin or Okta SSO, you should not set a RelayState parameter as Panther does not require it. Panther only supports SP-initiated logins, and the RelayState parameter is not needed since there aren't different post-authentication redirect locations within Panther. You can use the SP-initiated SSO login flow by using the "Login with SSO" link on your Panther Console login page.

Cause

There is a limitation on logging in directly from OneLogin or Okta app/extension (IdP-initiated login flow).