Security

Okta SAML authentication error

sumanssah
Communicator

Hello Splunkers,

I am facing some difficulties with new Okta SAML authentication with Splunk enterprise, whenever user authenticate using OKTA getting an error as

"The 'Audience' field in the saml response from the IdP does not match the configuration. Ensure the configuration in Splunk matches the configuration in the IdP."

When I am checking Splunk logs with

index=_internal sourcetype=splunkd SAML

I can see a below-mentioned error

ERROR Saml - Failed to verify the assertion - The 'Audience' field in the saml response from the IdP does not match the configuration., Error details=Expected=https://dev.test.com/, found=urn:splunkweb:dev.test.com
Tags (3)
0 Karma

jjmstars
Observer

Thank you!! @AnilPujar I made it!

0 Karma

purnavenkatesh
Explorer

I have the same issues. 

Issue is fixed by correcting the EntityID in my saml configurations. 

0 Karma

deepashri_123
Motivator

Hey @sumanssah ,

Your problem seems to be the first among the listed troubleshooting steps.Refer this doc below:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/TroubleshootSAMLSSO

let me know if this helps!!

0 Karma

sumanssah
Communicator

I referred above-mentioned link, however, no success

0 Karma

AnilPujar
Path Finder

this issue occured to me when i gave wrong entityId while adding SAML metadata file.

0 Karma
Get Updates on the Splunk Community!

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...

Explore the Latest Educational Offerings from Splunk [January 2025 Updates]

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...