Security

Okta SAML authentication error

sumanssah
Communicator

Hello Splunkers,

I am facing some difficulties with new Okta SAML authentication with Splunk enterprise, whenever user authenticate using OKTA getting an error as

"The 'Audience' field in the saml response from the IdP does not match the configuration. Ensure the configuration in Splunk matches the configuration in the IdP."

When I am checking Splunk logs with

index=_internal sourcetype=splunkd SAML

I can see a below-mentioned error

ERROR Saml - Failed to verify the assertion - The 'Audience' field in the saml response from the IdP does not match the configuration., Error details=Expected=https://dev.test.com/, found=urn:splunkweb:dev.test.com
Tags (3)
0 Karma

jjmstars
Observer

Thank you!! @AnilPujar I made it!

0 Karma

purnavenkatesh
Explorer

I have the same issues. 

Issue is fixed by correcting the EntityID in my saml configurations. 

0 Karma

deepashri_123
Motivator

Hey @sumanssah ,

Your problem seems to be the first among the listed troubleshooting steps.Refer this doc below:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/TroubleshootSAMLSSO

let me know if this helps!!

0 Karma

sumanssah
Communicator

I referred above-mentioned link, however, no success

0 Karma

AnilPujar
Path Finder

this issue occured to me when i gave wrong entityId while adding SAML metadata file.

0 Karma
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...