Hi
We have apigee-sso module installed and we enabled SSO login with Okta for edgeui.
During the saml authentication process, we got below error message in browser:
This is the apigee-sso.log for this session:
10.11.99.165 - - [18/Aug/2020:14:39:02 -0400] "GET /oauth/authorize?client_id=edgeui&response_type=code&redirect_uri=http%3A%2F%2Fqa-apigee-lx01.com%3A9000%2FoAuthCallbackWithAuthcode&state=%2F HTTP/1.1" 302 - 6 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - 10.11.99.165 - - [18/Aug/2020:14:39:02 -0400] "GET /login HTTP/1.1" 200 19934 20 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 text/html;charset=ISO-8859-1 10.11.99.165 - - [18/Aug/2020:14:39:04 -0400] "GET /saml/discovery?returnIDParam=idp&entityID=apigee-saml-login-opdk&idp=okta&isPassive=true HTTP/1.1" 302 - 8 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - 10.11.99.165 - - [18/Aug/2020:14:39:04 -0400] "GET /saml/login/alias/apigee-saml-login-opdk?disco=true&idp=http%3A%2F%2Fwww.okta.com%2Fexk82l9kmxKkA2Sgk2p7 HTTP/1.1" 200 1862 12 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 text/html;charset=UTF-8 10.11.99.165 - - [18/Aug/2020:14:39:07 -0400] "POST /saml/SSO/alias/apigee-saml-login-opdk HTTP/1.1" 404 18207 235 text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 text/html;charset=ISO-8859-1 10.11.99.165 - - [18/Aug/2020:14:39:08 -0400] "GET /vendor/font-awesome/css/font-awesome.min.css HTTP/1.1" 404 18207 9 text/css,*/*;q=0.1 text/html;charset=ISO-8859-1 10.11.99.165 - - [18/Aug/2020:14:39:08 -0400] "GET /resources/oss/stylesheets/application.css HTTP/1.1" 404 18207 10 text/css,*/*;q=0.1 text/html;charset=ISO-8859-1 10.11.99.165 - - [18/Aug/2020:14:39:08 -0400] "GET /resources/images/sad_cloud.png HTTP/1.1" 404 18207 8 image/webp,image/apng,image/*,*/*;q=0.8 text/html;charset=ISO-8859-1
looks like we got 404 error for a post call of /saml/SSO/alias/apigee-saml-login-opdk that caused the issue.
Any clue?
Thanks
Thanks.. It looks like the issue occurs during the very last communication between Okta and APIGEE when Okta POST the authentication SAML assertion back to apigee endpoint: /saml/SSO/alias/apigee-saml-login-opdk
here we got this 404. so what can cause this 404 here? Can Okta post a wrong saml assertion to this endpoint cause the issue?
I don't see why the APIGEE restricts this endpoint access for Okta.
Thanks
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |