Hi,
I’ve been banging my head against the wall for days on this particular problem!
I have followed this guide to the letter. I am able to get a SAML response and what appears to be a valid SAML assertion. I base64url encode the assertion and add it to the body of my POST request like so (with form URL encoding checked):
I also add a content-type: application/x-www-form-urlencoded to my headers. The post request is being made to the default authorization server at https://.okta.com/oauth2/default/v1/token. I’m also using basic auth with client ID and secret.
I keep getting an “invalid_grant” error with the message “‘assertion’ is not a valid SAML 2.0 Assertion”. I’ve ensured that the assertion is not expired or previously used, checked the audience/recipient headers against my Okta setup, and ensured that the assertion is signed. Everything seems to be in order.
Anyone have an idea what would be causing this issue?
Thanks in advance!
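An added example, not part of the original post and not Okta's code: a local pre-flight for the saml2-bearer grant (RFC 7522) that checks the points the poster lists (signed, unexpired, audience and recipient matching the authorization server) plus one more structural point, that the payload is the bare `saml2:Assertion` and not the enclosing `samlp:Response`, and then builds the form body and Basic auth header the way the post describes. The sample assertion, hostnames and client credentials are constructed placeholders; the signature is only checked for presence, since verifying it needs the IdP certificate.

```python
import base64
import datetime as dt
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2P_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Constructed sample (not real IdP output): a minimal, schema-shaped assertion.
# The ds:Signature element is a placeholder so the structural check has
# something to find; a real assertion carries the IdP's actual signature.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml2:Issuer>https://idp.example.test</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <saml2:Subject>
    <saml2:NameID>alice@example.test</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData NotOnOrAfter="2099-01-01T00:00:00Z"
          Recipient="https://example.okta.test/oauth2/default/v1/token"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>https://example.okta.test/oauth2/default</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""


def _parse_time(value):
    # SAML timestamps are UTC ISO 8601 with a trailing Z.
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def precheck_assertion(xml_text, expected_audience, expected_recipient, now=None):
    """Return a list of problems found locally (empty list = structurally ok).

    The payload must be the bare <saml2:Assertion>, signed, unexpired, and
    addressed to this authorization server. Signature presence only is checked.
    """
    now = now or dt.datetime.now(dt.timezone.utc)
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    if root.tag == f"{{{SAML2P_NS}}}Response":
        problems.append("payload is the whole samlp:Response; send the inner saml2:Assertion only")
    elif root.tag != f"{{{SAML2_NS}}}Assertion":
        problems.append(f"root element is {root.tag}, not saml2:Assertion")

    if root.find(f"{{{DSIG_NS}}}Signature") is None:
        problems.append("no ds:Signature directly under the Assertion")

    cond = root.find(f"{{{SAML2_NS}}}Conditions")
    if cond is None:
        problems.append("no Conditions element")
    else:
        expiry = cond.get("NotOnOrAfter")
        if expiry and _parse_time(expiry) <= now:
            problems.append(f"assertion expired at {expiry}")
        audiences = [a.text for a in cond.iter(f"{{{SAML2_NS}}}Audience")]
        if expected_audience not in audiences:
            problems.append(f"Audience {audiences} does not include {expected_audience}")

    recipients = [d.get("Recipient") for d in root.iter(f"{{{SAML2_NS}}}SubjectConfirmationData")]
    if expected_recipient not in recipients:
        problems.append(f"Recipient {recipients} does not match token endpoint {expected_recipient}")
    return problems


def build_token_request(assertion_xml, client_id, client_secret, scope="openid"):
    """Build headers and form body for the saml2-bearer grant.

    The raw assertion XML is base64url-encoded (RFC 4648 section 5) and the
    body is form-encoded exactly once; the client authenticates with Basic auth.
    """
    assertion_b64url = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8")).decode("ascii")
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": SAML2_BEARER_GRANT,
                      "assertion": assertion_b64url,
                      "scope": scope})
    return headers, body


def decode_assertion_from_body(body):
    """Reverse the encoding to confirm what the token endpoint will actually see."""
    return base64.urlsafe_b64decode(parse_qs(body)["assertion"][0]).decode("utf-8")
```

Running `precheck_assertion` on the exact bytes that go into the `assertion` field, and then `decode_assertion_from_body` on the finished body, separates "the assertion is wrong" from "the encoding or form layer mangled it" (a double-encoded or standard-base64 assertion fails the second check even when the first passes).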