Issue with SSO - Could not validate SAMLResponse for esignature only

Kerry10 · ‎05-08-2018

We are trying to configure SSO using OKTA. We have configured the IDP and everyone can login without issue. However, when we try to e-sign the following happens:

-The window pops up to enter okta credentials

-I login and am redirected to a "login complete" screen

-The approval record shows approved

-I hit the cancel button and the approval record moves back to requested

-I refresh the page and get an error

The logs show nothing more than "could not validate samlresponse"

Any help would be much appreciated.

Kerry10 · ‎06-04-2018

Hello,

Our error occured because we were using a different saml configuration for esignature than we were for standard login. Is this what you are doing?

If not, you may be getting that error if the saml is checking for the user's email address instead of their username, or vice versa.

That was our experience - hope it helps

View solution in original post

mig · ‎05-29-2018

Hi,

I am having the same error. Within the error logs I found something like:

"SAML2ValidationError: No valid SubjectConfirmation found."

AND
"SAML2ValidationError: Recipient attribute in SubjectConfirmationData mismatch. Expected:...."

the page Multi-SSO (SAML 2.0) errors and fixes brings a list of error messages and the corresponding fixes.

I will contact the administrator of our SAML system regarding to this entry:

Please let me know if and how your issue has been fixed.

Kind regards

Miguel

Kerry10 · ‎06-04-2018