Security
Highlighted

Okta SAML authentication error

Communicator

Hello Splunkers,

I am facing some difficulties with new Okta SAML authentication with Splunk enterprise, whenever user authenticate using OKTA getting an error as

"The 'Audience' field in the saml response from the IdP does not match the configuration. Ensure the configuration in Splunk matches the configuration in the IdP."

When I am checking Splunk logs with

index=_internal sourcetype=splunkd SAML

I can see a below-mentioned error

ERROR Saml - Failed to verify the assertion - The 'Audience' field in the saml response from the IdP does not match the configuration., Error details=Expected=https://dev.test.com/, found=urn:splunkweb:dev.test.com
Tags (3)
0 Karma
Highlighted

Re: Okta SAML authentication error

Motivator

Hey @sumanssah ,

Your problem seems to be the first among the listed troubleshooting steps.Refer this doc below:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/TroubleshootSAMLSSO

let me know if this helps!!

0 Karma
Highlighted

Re: Okta SAML authentication error

Communicator

I referred above-mentioned link, however, no success

0 Karma
Highlighted

Re: Okta SAML authentication error

Path Finder

this issue occured to me when i gave wrong entityId while adding SAML metadata file.

0 Karma