Comments (1)
Hey @vdenotaris,
thanks a bunch for putting this sample together... helps me - and I'm sure many others - tremendously.
I too am required to integrate Okta (and OneLogin and Auth0) IdP-initiated SSO for our web app.
OneLogin and SSOCircle work like a charm, but I'm experiencing an error retrieving metadata that I'm guessing has to do with incorrectly configured IdP certificates for the other two.
Punching the https://dev-695900.oktapreview.com/app/<hide-my-entityID>/sso/saml/metadata URL into any browser successfully returns the metadata XML.
I can bypass this issue by downloading it and using FilesystemMetadataProvider, but then of course SSO fails at runtime.
Now, Okta used to work up until a few weeks ago, and I'm working with their support team to figure out what, if anything, has changed on their end that might have caused the issue, and will share the findings.
In the meantime, I have downloaded and imported the latest okta.cert from my oktapreview development account into samlKeystore.jks and am suspicious of the way Okta's cert is configured:
and what shows up in the log:
: Attempting PKIX path validation on untrusted credential: [subjectName='CN=.oktapreview.com,OU=Technical Operations,O=Okta, Inc.,L=San Francisco,ST=California,C=US']
: PKIX path construction failed for untrusted credential: [subjectName='CN=.oktapreview.com,OU=Technical Operations,O=Okta, Inc.,L=San Francisco,ST=California,C=US']: unable to find valid certification path to requested target
: Trust of untrusted credential could not be established via PKIX validation
: Error retrieving metadata from https://dev-695900.oktapreview.com/app/hide-my-entityID/sso/saml/metadata
Anything you can point out for me to look into is very much appreciated.
Thanks
_GTM
from spring-boot-security-saml-sample.
Related Issues (20)
- CurrentUserHandlerMethodArgumentResolverTest is failing
- Docker: javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: null
- Deserialization of Untrusted Data (CVE-2019-16335)
- Deserialization of Untrusted Data (CVE-2019-14540)
- Deserialization of Untrusted Data (CWE-502)
- Deserialization of Untrusted Data (CVE-2015-4852, CVE-2015-7501)
- Improper Certificate Validation (CVE-2012-5783)
- Man-in-the-Middle (CVE-2012-6153)
- Purpose of apollo key in the JKSKeyManager
- Localhost redirect on first click regardless user's context
- Behind reverse proxy advertises localhost and internal port
- How to add "NameQualifier" and "Format" attributes to LogoutRequest/Issuer
- Authentication statement is too old to be used with value 2020-08-31T09:32:00.759Z
- With global logout from Identity provider side local session and authentication remain active and valid
- Need help to find the entity if
- Browser back redirects to "/saml/SSO" page.
- Handle URL encoding in SAML response
- Use Spring Boot 2.7 and Spring Security without WebSecurityConfigurerAdapter
- Metadata refreshing has failed
- Error retrieving metadata