Re: Okta SAML authentication error

sumanssah · ‎05-16-2019

Hello Splunkers,

I am facing some difficulties with new Okta SAML authentication with Splunk enterprise, whenever user authenticate using OKTA getting an error as

"The 'Audience' field in the saml response from the IdP does not match the configuration. Ensure the configuration in Splunk matches the configuration in the IdP."

When I am checking Splunk logs with

index=_internal sourcetype=splunkd SAML

I can see a below-mentioned error

ERROR Saml - Failed to verify the assertion - The 'Audience' field in the saml response from the IdP does not match the configuration., Error details=Expected=https://dev.test.com/, found=urn:splunkweb:dev.test.com

jjmstars · ‎02-16-2022

Thank you!! @AnilPujar I made it!

purnavenkatesh · ‎09-18-2020

I have the same issues.

Issue is fixed by correcting the EntityID in my saml configurations.

deepashri_123 · ‎05-17-2019

Hey @sumanssah ,

Your problem seems to be the first among the listed troubleshooting steps.Refer this doc below:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/TroubleshootSAMLSSO

let me know if this helps!!

sumanssah · ‎05-19-2019

I referred above-mentioned link, however, no success

AnilPujar · ‎01-19-2020

this issue occured to me when i gave wrong entityId while adding SAML metadata file.

Okta SAML authentication error

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!