  • configuring saml-sample (SP) to work with Okta (IdP)

    Some details:
    Okta (acting as the IDP) supports 2 methods of authentication:
    In IDP initiated the flow is:
    User goes to Okta and from their framework gets to the SP.
    In SP initiated the flow is:
    User goes to the target SP first. SP redirects the user to the configured Login URL ( Okta’s generated app instance url) sending the SAMLRequest. Okta handles the SAML request, generates the SAML response, and the SP receives the SAMLResponse and verifies that it is correct.

    When I configure my SP (spring-saml-sample) in the Okta system, I need to supply some data on my SP, such as "post back URL", "recipient" and "audience restriction".
    Can someone help me and explain to me what these fields are and what the correct values are that are relevant to spring-saml-sample? Where do I take the values from?

    thanks
    ohad

  • #2
    After sniffing in Okta's docs, I found this:

    Audience Restriction – This is the entity id of the Service Provider. It will be provided by the SP and must match exactly. Consult the SP documentation to get this information.
    Recipient – Enter the service provider’s assertion consumer service URL. Consult the SP documentation to get this information.
    So I figured out that this URL should be:
    http://<my-host>/spring-security-sam...s/defaultAlias

    Post Back URL – This is the SAML SP endpoint (i.e. where your users will log in) For example, http://test.acme.com/example-post-sign/
    when using saml-sample, what should this URL be?
    Does saml-sample have a "protected resource" that I should enter here?

    Thanks for any answer!
    Last edited by OhadR; Apr 14th, 2013, 03:11 AM.



    • #3
      Hi Ohad,

      The index page of the saml-sample is protected by default - e.g. https://serverort/spring-security-saml2-sample/ - when accessed it will initialize the SSO process. Presuming Okta uses this URL to start the SP initiated flow, the address above is probably the right one to put in.

      Vladi



      • #4
        solved

        Vladi,

        thanks for your help.

        Anyway, I solved this thing. How? I tried to debug the saml-sample, and I saw it does not stop at the "SAMLProcessingFilter", so I figured out that it is never called. This is how I understood that Okta's "post back URL" should be the "SSO" URL, meaning https://srv101.watchdox.net:443/spri...s/defaultAlias.

        P.S. You are right about the HTTPS; it does not work with HTTP.

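        Added example, not from the thread or from the Spring SAML project: an SP-side check of the three values Okta asks for (Post Back URL as the Response Destination, Recipient on the bearer SubjectConfirmationData, Audience Restriction as the SP entity ID). The host name, entity ID and ACS path are assumed placeholders for a spring-saml-sample deployment with the default alias, and the SAML response is constructed and unsigned; signature and timestamp validation are separate steps this snippet does not perform.

```python
# Added example (not from the thread): minimal SP-side check of the three
# Okta fields. Namespaces are the standard SAML 2.0 ones.
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Assumed SP configuration (placeholder host, default alias). The entity ID
# and ACS URL come from the SP's own metadata in a real deployment.
SP_ENTITY_ID = "https://sp.example.test/spring-security-saml2-sample/saml/metadata"
SP_ACS_URL = "https://sp.example.test/spring-security-saml2-sample/saml/SSO/alias/defaultAlias"

def check_response(xml_text, entity_id=SP_ENTITY_ID, acs_url=SP_ACS_URL):
    """Return a list of mismatches; empty means the three fields line up."""
    root = ET.fromstring(xml_text)
    problems = []
    # Destination on the Response = Okta's "Post Back URL"
    if root.get("Destination") != acs_url:
        problems.append("Destination != ACS URL")
    # Recipient on SubjectConfirmationData = Okta's "Recipient"
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient != ACS URL")
    # Audience inside AudienceRestriction = Okta's "Audience Restriction"
    audiences = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience != SP entity ID")
    return problems

# Constructed, unsigned sample response whose Post Back URL points at the
# protected index page instead of the SSO endpoint, the mistake in the thread.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  Destination="https://sp.example.test/spring-security-saml2-sample/">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{SP_ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE))  # ['Destination != ACS URL']
```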
