Not able to SSO login on private cloud with 404 error

han-zhang
Participant IV

Hi

We have the apigee-sso module installed and we enabled SSO login with Okta for edgeui.

During the SAML authentication process, we got the error message below in the browser:

Uh oh.
Something went amiss.

This is the apigee-sso.log for this session:

10.11.99.165 - - [18/Aug/2020:14:39:02 -0400] "GET /oauth/authorize?client_id=edgeui&response_type=code&redirect_uri=http%3A%2F%2Fqa-apigee-lx01.com%3A9000%2FoAuthCallbackWithAuthcode&state=%2F HTTP/1.1" 302 - 6 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 -
10.11.99.165 - - [18/Aug/2020:14:39:02 -0400] "GET /login HTTP/1.1" 200 19934 20 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 text/html;charset=ISO-8859-1
10.11.99.165 - - [18/Aug/2020:14:39:04 -0400] "GET /saml/discovery?returnIDParam=idp&entityID=apigee-saml-login-opdk&idp=okta&isPassive=true HTTP/1.1" 302 - 8 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 -
10.11.99.165 - - [18/Aug/2020:14:39:04 -0400] "GET /saml/login/alias/apigee-saml-login-opdk?disco=true&idp=http%3A%2F%2Fwww.okta.com%2Fexk82l9kmxKkA2Sgk2p7 HTTP/1.1" 200 1862 12 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 text/html;charset=UTF-8
10.11.99.165 - - [18/Aug/2020:14:39:07 -0400] "POST /saml/SSO/alias/apigee-saml-login-opdk HTTP/1.1" 404 18207 235 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 text/html;charset=ISO-8859-1
10.11.99.165 - - [18/Aug/2020:14:39:08 -0400] "GET /vendor/font-awesome/css/font-awesome.min.css HTTP/1.1" 404 18207 9 text/css,*/*;q=0.1 text/html;charset=ISO-8859-1
10.11.99.165 - - [18/Aug/2020:14:39:08 -0400] "GET /resources/oss/stylesheets/application.css HTTP/1.1" 404 18207 10 text/css,*/*;q=0.1 text/html;charset=ISO-8859-1
10.11.99.165 - - [18/Aug/2020:14:39:08 -0400] "GET /resources/images/sad_cloud.png HTTP/1.1" 404 18207 8 image/webp,image/apng,image/*,*/*;q=0.8 text/html;charset=ISO-8859-1

It looks like we got a 404 error for a POST call of /saml/SSO/alias/apigee-saml-login-opdk that caused the issue.

Any clue?

Thanks

2 REPLIES

During SAML login, Apigee SSO would redirect to the unauthenticated IDP login URL, and during the handshake, if the IDP URL does not respond or has any restriction on accessing the page, we see a typical 404 error.

It is worth validating the checks below:
  • Metadata configured as Apigee service provider.
  • IDP login URL configured in Apigee.

Thanks. It looks like the issue occurs during the very last communication between Okta and Apigee, when Okta POSTs the authentication SAML assertion back to the Apigee endpoint: /saml/SSO/alias/apigee-saml-login-opdk

Here we got this 404. So what can cause this 404 here? Can Okta posting a wrong SAML assertion to this endpoint cause the issue?

I don't see why Apigee restricts this endpoint access for Okta.

Thanks
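
An added example, not part of the thread or of Apigee's tooling: a small Python tracer that maps apigee-sso access-log lines like the ones in the question onto the steps of the login flow and reports the first step that returned an error. The step labels and the trimmed sample lines are constructed for this example; the later 404s for CSS and image files are not flow steps and are ignored.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: access-log lines from the question, trimmed for width.
SAMPLE_LOG = """\
10.11.99.165 - - [18/Aug/2020:14:39:02 -0400] "GET /oauth/authorize?client_id=edgeui&response_type=code HTTP/1.1" 302 - 6
10.11.99.165 - - [18/Aug/2020:14:39:02 -0400] "GET /login HTTP/1.1" 200 19934 20
10.11.99.165 - - [18/Aug/2020:14:39:04 -0400] "GET /saml/discovery?returnIDParam=idp&idp=okta&isPassive=true HTTP/1.1" 302 - 8
10.11.99.165 - - [18/Aug/2020:14:39:04 -0400] "GET /saml/login/alias/apigee-saml-login-opdk?disco=true HTTP/1.1" 200 1862 12
10.11.99.165 - - [18/Aug/2020:14:39:07 -0400] "POST /saml/SSO/alias/apigee-saml-login-opdk HTTP/1.1" 404 18207 235
10.11.99.165 - - [18/Aug/2020:14:39:08 -0400] "GET /resources/images/sad_cloud.png HTTP/1.1" 404 18207 8
"""

LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# (method, exact path or path prefix ending in "/", label).
# Labels are this example's own wording, not Apigee terminology.
STEPS = [
    ("GET", "/oauth/authorize", "OAuth authorize from edgeui"),
    ("GET", "/login", "SSO login page"),
    ("GET", "/saml/discovery", "IdP discovery"),
    ("GET", "/saml/login/alias/", "SAML login start"),
    ("POST", "/saml/SSO/alias/", "assertion POST from IdP"),
]

def step_for(method, path):
    """Return the flow-step label for a request, or None for unrelated requests."""
    for step_method, step_path, label in STEPS:
        hit = path.startswith(step_path) if step_path.endswith("/") else path == step_path
        if method == step_method and hit:
            return label
    return None

def trace_flow(log_text):
    """Return [(label, path, status)] for every flow step found in the log."""
    flow = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            path = urlsplit(m["target"]).path  # drop the query string
            label = step_for(m["method"], path)
            if label:
                flow.append((label, path, int(m["status"])))
    return flow

def first_failure(flow):
    """Return the first flow step with a 4xx/5xx status, or None."""
    return next((step for step in flow if step[2] >= 400), None)
```
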