SAML integration for Private Cloud 4.17.09 with Okta error in EntityID


I followed the steps in "Supporting SAML on Edge for Private Cloud" to test SAML integration with Okta. The value for SSO_SAML_IDP_NAME in the example response file is okta, and it corresponds to the SAML Issuer ID in the Okta application configuration (the default is an Okta URL), which is the entityID attribute in the metadata.xml generated by Okta.

Running the setup using the metadata.xml file throws an error (Invalid metadata type for alias[okta]) and is fixed by updating the SAML Issuer ID value in Okta and updating the file in /opt/apigee/customer/application. If that value is updated in the response file to a longer string, e.g. the URL, the setup throws errors (apigee-sso-system.log) related to the Postgres column length constraint (36), but the setup output doesn't show this error and tries to continue.

Running the setup using the metadata URL works with the trial account, but with a paid account it throws an XML parser error (caused by: org.xml.sax.SAXParseException: DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true). With the downloaded metadata.xml this works for the paid account as mentioned above.

In conclusion:

  1. Set the SAML Issuer ID to "okta" in Okta.
  2. Use the metadata.xml file in Edge.

the integration should work smoothly.

(The other issues should be attended to.)

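A pre-flight check for the three failure modes described in the post above (entityID not matching SSO_SAML_IDP_NAME, an IDP name longer than the 36-character column, and a DOCTYPE in the metadata), as an added example that is not part of the original post or of Apigee's tooling. The function name `preflight`, the sample metadata and the issuer URL are constructed for illustration; the limit of 36 is the value the post reports from apigee-sso-system.log.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
MAX_IDP_NAME_LEN = 36  # column length reported in the post, taken as an assumption


def preflight(metadata_xml, idp_name):
    """Return a list of problems to fix before running the SSO setup."""
    problems = []
    if len(idp_name) > MAX_IDP_NAME_LEN:
        problems.append(
            f"SSO_SAML_IDP_NAME is {len(idp_name)} chars, limit is {MAX_IDP_NAME_LEN}")
    # Same policy as disallow-doctype-decl: reject the document, do not parse it.
    # A plain substring test can also flag DOCTYPE text inside a comment.
    if "<!DOCTYPE" in metadata_xml:
        problems.append("metadata contains a DOCTYPE declaration")
        return problems
    try:
        root = ET.fromstring(metadata_xml)
    except ET.ParseError as exc:
        problems.append(f"metadata is not well-formed XML: {exc}")
        return problems
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        problems.append(f"root element is {root.tag}, expected EntityDescriptor")
        return problems
    entity_id = root.get("entityID")
    if entity_id != idp_name:
        problems.append(
            f"entityID {entity_id!r} does not match SSO_SAML_IDP_NAME {idp_name!r}")
    return problems


# Constructed sample metadata (not real Okta output).
SAMPLE_OK = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="okta"><md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
    '</md:EntityDescriptor>'
)
LONG_ID = "http://www.okta.example/constructed-issuer-id-0001"  # 50 chars
SAMPLE_URL_ID = SAMPLE_OK.replace('entityID="okta"', f'entityID="{LONG_ID}"')
SAMPLE_DOCTYPE = "<!DOCTYPE md:EntityDescriptor>\n" + SAMPLE_OK

if __name__ == "__main__":
    for label, xml_text, name in [("ok", SAMPLE_OK, "okta"),
                                  ("default URL issuer", SAMPLE_URL_ID, "okta"),
                                  ("URL as IDP name", SAMPLE_URL_ID, LONG_ID),
                                  ("doctype", SAMPLE_DOCTYPE, "okta")]:
        print(label, "->", preflight(xml_text, name) or "no problems")
```
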