I’ve created an enterprise SAML connection in Auth0, using Okta as the IDP. Authentication works fine. Now I want to set up request signing.
Sign Request in Auth0. I can see
SigAlg being sent along with the
In Okta, I uploaded my tenant’s signing cert (obtained from
But when signature validation is enabled, login transactions immediately fail with
Unknown configuration or configuration not supported.
If I disable signature validation on Okta’s side, login works again. So obviously Okta doesn’t like something about my signed SAMLRequest.
I verified the signature using Validate SAML AuthN Request Online Tool | SAMLTool.com and it’s correct.
Has anyone successfully configured this?
Dealing with the exact same issue. Did you find a resolution?
I can’t find any other details about this error. What is the next step for debugging this?
Looks like many others are having this issue:
What is the timeline for resolving this?
I have not solved it. I’ve been working around this by disabling signature validation in Okta.
You must include the Format attribute on the NameIDPolicy node and the Format value has to match the configuration for your application in Okta.
Applications > “Your Application” > General > Edit (SAML Settings) > Next > Scroll to Bottom
To Fix The Issue:
We are using ComponentSpace and you can’t set the Format prior to calling InitiateSsoAsync. You can only set it when the OnAuthnRequestCreated event occurs.
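    _samlServiceProvider.Events.OnAuthnRequestCreated += (context, request) => {
        // Must match the Name ID format configured for the application in Okta.
        request.NameIDPolicy.Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
        return request; // the handler hands the (modified) request back to the library
    };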
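A way to confirm what the service provider actually sends before turning signature validation back on, as an added example that is not part of the original thread: it decodes a `SAMLRequest` query value and reports whether `NameIDPolicy` carries the expected `Format`. It assumes the HTTP-Redirect binding (URL-encoded, base64, raw DEFLATE); the function names and the sample requests are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
MAX_XML = 64 * 1024  # cap on inflated size so a bad input cannot balloon

def decode_redirect_request(value: str) -> bytes:
    """URL-decode, base64-decode and raw-inflate a SAMLRequest parameter."""
    raw = base64.b64decode(unquote(value))
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    return xml

def check_nameid_policy(xml: bytes, expected_format: str) -> str:
    """Return 'ok', 'missing-policy', 'missing-format' or 'mismatch'."""
    root = ET.fromstring(xml)  # your own SP's request; use defusedxml for untrusted XML
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    if policy is None:
        return "missing-policy"
    fmt = policy.get("Format")
    if fmt is None:
        return "missing-format"
    return "ok" if fmt == expected_format else "mismatch"

def sample(policy: str) -> str:
    """Constructed test input: a minimal AuthnRequest, redirect-encoded."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" '
           f'Version="2.0" IssueInstant="2023-01-01T00:00:00Z">{policy}'
           '</samlp:AuthnRequest>').encode()
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml) + comp.flush()
    return quote(base64.b64encode(deflated).decode(), safe="")

if __name__ == "__main__":
    for policy in ('<samlp:NameIDPolicy AllowCreate="true"/>',
                   f'<samlp:NameIDPolicy Format="{UNSPECIFIED}"/>'):
        xml = decode_redirect_request(sample(policy))
        print(check_nameid_policy(xml, UNSPECIFIED))
```

Pass the `SAMLRequest` value copied from the browser's network trace as `value`, and the Name ID format shown in the Okta application's SAML settings as `expected_format`.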
Thanks for sharing it with the rest of the community!
[From Okta Support]
From what I have been told by our team in terms of Documentation.
This particular function is not something that will be made public. In our public documentation we include general information about how to set up apps that work with us. We do not include advanced details such as how our backend checks are made and what they are, so we do not have any public facing doc which highlights this.
If App Vendors are interested to integrate their applications with us they should be working with our oinmanager.okta.com team where these types of details are usually discussed.
February 9, 2023, 5:33pm
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.