Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Error validating SAML message

Tags:

spring-saml

saml-2.0

okta

i'm trying Okta quick start for Java tomcat SAML, I am very new to this topic.
When I start my test application I do see a link to Okta IDP, after clicking "Start single sign-on" button i am being redirected to Okta address with info "Sining in to SAML - Test" (my Okta test name) after that I'm again being redirected to my application with:
Error Error validating SAML message
after that there is a stack trace with
Caused by: org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:229) at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82) ... 27 more Caused by: org.opensaml.common.SAMLException: Local entity is not the intended audience of the assertion in at least one AudienceRestriction at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAudience(WebSSOProfileConsumerImpl.java:506) at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertionConditions(WebSSOProfileConsumerImpl.java:458) at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:303) at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214) ... 28 more
What am I missing? What am I doing wrong?
Thanks for all your help Zack.

like image 254
ZaCk1231 Avatar asked Feb 18 '16 14:02

ZaCk1231

People also ask

How do I fix authentication failed on SAML?

Reconfigure IdP details in Service Provider and try again. Unable to process the Status Code received. There may be multiple reasons for this issue- Authentication failure in IdP or Time mismatch between IdP Server and SP Server. Mostly, Reconfigure the IdP and SP details in both IdP and SP should solve the issue.

How do you validate a SAML assertion?

From Setup, enter Single Sign-On Settings in the Quick Find box, select Single Sign-On Settings, then click SAML Assertion Validator. Enter the SAML assertion into the text box, and click Validate. Note If your org has multiple SAML SSO configurations, the validator tries to detect the right one.

1 Answers

The entity ID of your Spring SAML Service Provider doesn't match Destination element in the SAML response from Okta. Compare the two values and fix the value on either Spring SAML or Okta side.

like image 118
Vladimír Schäfer Avatar answered Oct 05 '22 19:10

Vladimír Schäfer
Sign in to Comment

Related questions

Create SAML Assertion and Sign the response
Spring security Saml - Time difference between SP and IDP
Google SAML SSO - 403 app_not_configured_for_user error when signed into personal Google account
how to implement SAML sso using Java, Java EE
Configure Okta to Mediate between our SP Application and IdP
SAML 2.0 based Authentication for iPhone application
IdP initiated login with ThinkTecture IdentityServer v3
Getting error while decryptition of Saml token
Query string not preserved in SAML HTTP Redirect binding
.net core and SAML 2.0
Create SAML response from assertion in C# 4.5 (WIF)
Select Identity Provider Locally with Spring Security's SAML 2.0
Self-Signed Certificate with SAML 2.0
Handling SAML Redirects on AJAX Requests
Using Kentor.AuthServices.StubIdp as production IDP
implementing a logout functionality in passport-saml using Http-post method
Spring Security SAML2 dynamic selection of IDPs or dynamic URLs for them
Windows Identity Foundation does not officially support SAML 2.0; use WIF CTP or stick with SAML 1.1?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!