InResponseToField of the Response doesn’t correspond to sent message a3hi8h7c9hehfce04cbgb4beg402aa8
in a single instance, it is working fine but when it run with multiple containers it throws an error
Can you please describe how to reproduce this error?
My Application is running on PKS env and has multiple instances of the same application when we are trying to open application from okta i am getting that error
My Application is running on PKS env and has multiple instances of the same application when we are trying to open application from okta i am getting that error
Spring boot and SAML SSO
My Application is running on PKS env and has multiple instances of the same application when we are trying to open application from okta i am getting that error
2021-03-15 12:03:22.922 INFO 1 — [nio-8448-exec-1] colMessageXMLSignatureSecurityPolicyRule : Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response
2021-03-15 12:03:22.923 INFO 1 — [nio-8448-exec-1] o.s.security.saml.log.SAMLDefaultLogger : AuthNResponse;FAILURE;192.11.48.178;module/saml/metadata;http://www.okta.com/exkqfyh8xtbnutpbS0x7;;;org.opensaml.common.SAMLException: InResponseToField of the Response doesn’t correspond to sent message a3a3ce145e342cf430g3f99ag847c0e
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:139)
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:87)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
sir please help me it is very urgent
Please send an email to developers@okta.com to create a support ticket.
how are you actually logging into this? if you are doing SSO straight from Okta (IdP-initiated) there will be no InResponseTo present in the SAML response
I am facing this issue too. It is SP-initiated login which is inside an iframe. Parent document and iframe document both belong to same domain but different sub-domain. And this happens only in chrome version 90.