MetadataProviderException: Non-ok status code 403 returned from remote metadata source

I have followed this article exactly the way it is described and it worked.

Now I made the changes for it to work with Enterprise Version of OKTA. I followed the same procedure there while creating an app.

Provided these two URLs

  • Single sign on URL: https://localhost:8443/saml/SSO
  • Audience URI: https://localhost:8443/saml/metadata

Once the application was created it gave me back two URLs

Metadata URL :

SignOn URL :

I included the above Metadata URL in my Spring Boot Java App under my ==> security.saml2.metadata-url property

Here is the SecurityConfiguration Code

protected void configure(final HttpSecurity http) throws Exception {
.hostname(String.format("%s:%s", "localhost", this.port))

After doing this I tried to run the app and I get the following error

2018-08-08 12:43:02.081 ERROR 23120 --- [nio-8443-exec-1] o.o.s.m.provider.HTTPMetadataProvider : Non-ok status code 403 returned from remote metadata source
2018-08-08 12:43:02.097 INFO 23120 --- [nio-8443-exec-1] .s.m.p.AbstractReloadingMetadataProvider : Next refresh cycle for metadata provider '' will occur on '2018-08-08T19:48:02.083Z' ('2018-08-08T12:48:02.083-07:00' local time)
2018-08-08 12:43:02.113 ERROR 23120 --- [nio-8443-exec-1] o.o.s.m.p.AbstractMetadataProvider : Metadata provider failed to properly initialize, fail-fast=true, halting

I am still using Self Signed JKS file in my resources/saml directory as described in the project link above.

My Questions

  1. How to Solve this error?
  2. What to do with SignOn URL?
  3. Any change that needs to be done on the SecurityConfiguration.Java Code?

Any Help will be appreciated. Thanks


Did you get further with this and find the root cause?