
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-08-2018 08:04 AM
We are trying to configure SSO using OKTA. We have configured the IDP and everyone can login without issue. However, when we try to e-sign the following happens:
-The window pops up to enter okta credentials
-I login and am redirected to a "login complete" screen
-The approval record shows approved
-I hit the cancel button and the approval record moves back to requested
-I refresh the page and get an error
The logs show nothing more than "could not validate samlresponse"
Any help would be much appreciated.
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-04-2018 11:25 AM
Hello,
Our error occured because we were using a different saml configuration for esignature than we were for standard login. Is this what you are doing?
If not, you may be getting that error if the saml is checking for the user's email address instead of their username, or vice versa.
That was our experience - hope it helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-29-2018 12:46 AM
Hi,
I am having the same error. Within the error logs I found something like:
"SAML2ValidationError: No valid SubjectConfirmation found."
AND
"SAML2ValidationError: Recipient attribute in SubjectConfirmationData mismatch. Expected:...."
the page Multi-SSO (SAML 2.0) errors and fixes brings a list of error messages and the corresponding fixes.
I will contact the administrator of our SAML system regarding to this entry:
Please let me know if and how your issue has been fixed.
Kind regards
Miguel

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-04-2018 11:25 AM
Hello,
Our error occured because we were using a different saml configuration for esignature than we were for standard login. Is this what you are doing?
If not, you may be getting that error if the saml is checking for the user's email address instead of their username, or vice versa.
That was our experience - hope it helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-05-2018 02:33 AM
Thank you for sharing this information!
Kind regards
Miguel