How can I use this for Okta? about spring-boot-security-saml-sample HOT 1 CLOSED

Hey @vdenotaris ,
thanks bunch for putting this sample together... helps me - and am sure many others - tremendously.

I too am required to integrate Okta (and OneLogin and Auth0) IdP-initiated SSO for our web app.

OneLogin and SSCircle works like a charm, but I'm experiencing error retrieving metadata that I'm guessing has to do with incorrectly configured IdP certificates for other two.
Punching https://dev-695900.oktapreview.com/app/<hide-my-entityID>/sso/saml/metadata url in any browser successfully returns the metadata xml.
I can bypass this issue by downloading it and using FilesystemMetadataProvider, but then of course SSO fails at runtime.

Now, Okta use to work up until few weeks ago and I'm working with their support team to figure out what, if anything, has changed on their end that might have cause the issue and will share the fundings.

In a meantime, I have downloaded and imported latest okta.cert from my oktapreview development account into samlKeystore.jks and am suspicious of way Okta's cert configured:

and what shows-up in the log:

: Attempting PKIX path validation on untrusted credential: [subjectName='CN=.oktapreview.com,OU=Technical Operations,O=Okta, Inc.,L=San Francisco,ST=California,C=US']
: PKIX path construction failed for untrusted credential: [subjectName='CN=.oktapreview.com,OU=Technical Operations,O=Okta, Inc.,L=San Francisco,ST=California,C=US']: unable to find valid certification path to requested target
: Trust of untrusted credential could not be established via PKIX validation
: Error retrieving metadata from https://dev-695900.oktapreview.com/app/hide-my-entityID/sso/saml/metadata

Anything you can point out for me to look into very much appreciated.
Thanks
_GTM

from spring-boot-security-saml-sample.