Hello,
We have a legacy ASP.Net webforms app with forms authentication. We need to hook it up with OKTA (SP) SSO with MS Entra (Azure AD) as IdP. Since OKTA suggests using SAML, I have a SAML app registered with Microsoft Azure and an SSO app registered on the OKTA platform. Both are configured with proper endpoints. Testing the SSO from Azure generates a proper SAML request and response and is successful. Now, since OKTA doesn't have its own SDKs for SAML and recommends using Sustainsys.SAML2, I created a sample client app as a POC that registers and uses the Sustainsys library and uses an OWIN startup class to inject the Sustainsys middleware ("app.UseSaml2Authentication(new Saml2AuthenticationOptions());") and provide the necessary endpoints/options to fire the OWIN context authentication challenge if the user is not authenticated. Thus far everything works fine. Upon execution, the SAML tracer shows that a SAML request is generated, the OKTA login comes up as expected, followed by the configured MFA. A SAML response is generated and posted to the ACS URL.
OKTA System log shows AppUser login is successful.
However, thereafter the "400 Login Failed - Bad Request, Error Code GENERAL_NONSUCCESS" message comes up. In other words, control does not go to the configured Default Relay endpoint.
Has anyone experienced this behavior? Has anyone tried having OKTA SSO with a third-party IdP with Sustainsys.SAML and OWIN? If so, would you kindly share some insight?
I believe I am close to completing the POC except the final step. Any help will be greatly appreciated.
Should you need to take a look at my Sustainsys configuration, kindly let me know and I will provide it.
Thank you,
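As an added illustration (not the poster's configuration, and not code from Okta or Sustainsys), this is what an OWIN Startup wiring Sustainsys.Saml2 against an Okta IdP loaded from metadata looks like, including the cookie middleware the SAML2 middleware signs the user in through. Every entity ID, hostname and URL below is a placeholder that must be replaced with the values from the actual Okta app.

```csharp
using System;
using Microsoft.Owin.Security.Cookies;
using Owin;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Sustainsys completes a login by calling SignIn on the default sign-in
        // authentication type, so a cookie middleware must be registered first.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            CookieHttpOnly = true,                      // not readable from script
            CookieSecure = CookieSecureOption.Always,   // only sent over HTTPS
        });

        app.UseSaml2Authentication(CreateSaml2Options());
    }

    private static Saml2AuthenticationOptions CreateSaml2Options()
    {
        // false: build the options in code instead of reading the <sustainsys.saml2> config section.
        var options = new Saml2AuthenticationOptions(false)
        {
            SPOptions = new SPOptions
            {
                // Placeholder SP entity ID; must match the Audience URI configured in the Okta app.
                // With the default ModulePath the ACS URL Okta posts to is https://sp.example.com/Saml2/Acs.
                EntityId = new EntityId("https://sp.example.com/Saml2"),
                // Page the user lands on after a successful ACS post (the "default relay" page).
                ReturnUrl = new Uri("https://sp.example.com/Default.aspx"),
            }
        };

        var okta = new IdentityProvider(
            new EntityId("http://www.okta.com/PLACEHOLDER_APP_ID"),   // placeholder IdP entity ID
            options.SPOptions)
        {
            // Placeholder metadata URL; SSO endpoint, binding and IdP signing certificate are read from it.
            MetadataLocation = "https://PLACEHOLDER.okta.com/app/PLACEHOLDER_APP_ID/sso/saml/metadata",
            LoadMetadata = true,
            // Accept only responses to AuthnRequests this SP issued (reject IdP-initiated posts).
            AllowUnsolicitedAuthnResponse = false,
        };
        options.IdentityProviders.Add(okta);
        return options;
    }
}
```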