Error validating SAML message

The entity ID of your Spring SAML Service Provider doesn't match the Destination element in the SAML response from Okta. Compare the two values and fix the value on either the Spring SAML or the Okta side.
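The answer above comes down to comparing what Okta put in the response with what the SP is configured as. The script below is an added example for this thread, not Spring SAML's own code and not from Okta: it decodes a SAMLResponse POST value and reports the two comparisons the stack trace is about, the Response's Destination attribute against the SP's assertion consumer (ACS) URL, and every AudienceRestriction/Audience in the assertion against the SP entity ID (what the exception calls the "local entity"). The hostnames, entity IDs and the sample response are constructed; it does not check the XML signature, so it is a diagnostic for reading a captured response, not a replacement for the SP's validation. Taking the SP values as explicit inputs lets you run the same check against a response captured from the remote deployment, where the SP identifiers often differ from the ones used on localhost.

```python
"""Compare a captured SAML Response with the SP's configured identifiers.

Added example for this thread; not Spring SAML code and not from Okta. It
reproduces the comparisons behind the "Local entity is not the intended
audience" exception: Destination vs. the ACS URL and Audience vs. the SP
entity ID. Signatures are NOT verified here.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed, unsigned sample (assumed hostnames and IDs, not a real Okta tenant).
# Okta was set up while the SP ran on localhost, so the Audience still says
# localhost although the application is now served at app.example.com.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2022-06-04T10:00:00Z"
    Destination="https://app.example.com/saml/SSO">
  <saml:Issuer>http://www.okta.com/exk000000000000000</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2022-06-04T10:00:00Z">
    <saml:Issuer>http://www.okta.com/exk000000000000000</saml:Issuer>
    <saml:Subject>
      <saml:NameID>zack@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2022-06-04T09:55:00Z" NotOnOrAfter="2022-06-04T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>http://localhost:8080/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# What the browser would POST as the SAMLResponse form field (HTTP-POST binding).
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE.encode("utf-8")).decode("ascii")


def decode_saml_response(b64: str) -> str:
    """Decode the SAMLResponse POST parameter; the POST binding is plain base64."""
    return base64.b64decode(b64).decode("utf-8")


def check_response(xml_text: str, sp_entity_id: str, acs_url: str) -> list:
    """Return mismatch descriptions; an empty list means the response fits this SP."""
    root = ET.fromstring(xml_text)
    problems = []

    # Destination is an attribute of the Response and must be the SP's ACS endpoint.
    destination = root.get("Destination")
    if destination is not None and destination != acs_url:
        problems.append(f"Response Destination {destination!r} != ACS URL {acs_url!r}")

    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        problems.append("no plaintext Assertion (an EncryptedAssertion must be decrypted first)")

    for assertion in assertions:
        restrictions = assertion.findall("saml:Conditions/saml:AudienceRestriction", NS)
        for restriction in restrictions:
            audiences = [a.text.strip() for a in restriction.findall("saml:Audience", NS) if a.text]
            # SAML requires the local entity ID to appear in every AudienceRestriction.
            if sp_entity_id not in audiences:
                problems.append(
                    f"Assertion {assertion.get('ID')!r}: local entity {sp_entity_id!r} "
                    f"not among Audience values {audiences}"
                )
    return problems


if __name__ == "__main__":
    acs = "https://app.example.com/saml/SSO"
    for entity_id in ("https://app.example.com/saml/metadata",
                      "http://localhost:8080/saml/metadata"):
        found = check_response(decode_saml_response(SAMPLE_RESPONSE_B64), entity_id, acs)
        print(f"SP entity ID {entity_id}: " + ("OK" if not found else "; ".join(found)))
```

Run it with the SAMLResponse value copied from the browser's POST to the ACS URL (a SAML tracer extension shows it decoded) and the entity ID and ACS URL from the SP's own metadata; whichever side the report names is the one to change, in Okta's application settings or in the SP configuration.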



Author: ZaCk1231

Updated on June 04, 2022

Comments

  • ZaCk1231
    ZaCk1231 almost 2 years

    I'm trying the Okta quick start for Java Tomcat SAML; I am very new to this topic.
    When I start my test application I do see a link to the Okta IdP. After clicking the "Start single sign-on" button I am redirected to an Okta address with the info "Signing in to SAML - Test" (my Okta test name); after that I'm redirected back to my application with:
    Error Error validating SAML message
    after that there is a stack trace with
    Caused by: org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
        at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:229)
        at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
        ... 27 more
    Caused by: org.opensaml.common.SAMLException: Local entity is not the intended audience of the assertion in at least one AudienceRestriction
        at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAudience(WebSSOProfileConsumerImpl.java:506)
        at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertionConditions(WebSSOProfileConsumerImpl.java:458)
        at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:303)
        at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
        ... 28 more
    What am I missing? What am I doing wrong?
    Thanks for all your help, Zack.

  • masT
    masT about 7 years
    Getting the same exception with ADFS 3.0. The entity ID of the Spring SAML SP application matches the relying party trust identifier. The exception occurs only when the application is deployed on a remote server (it works fine on localhost). Please suggest some fix.
  • emphywork
    emphywork over 6 years
    Same. The exception only occurs when the application is deployed on a remote server.