MetadataProviderException: Non-ok status code 403 returned from remote metadata source

I have followed this article exactly the way it is described and it worked. https://developer.okta.com/blog/2017/03/16/spring-boot-saml

Now I made the changes for it to work with the Enterprise version of Okta. I followed the same procedure there while creating an app.

I provided these two URLs:

  • Single sign on URL: https://localhost:8443/saml/SSO
  • Audience URI: https://localhost:8443/saml/metadata

Once the application was created, it gave me back two URLs:

Metadata URL : https://company.okta.com/api/v1/apps/xxxxxxx12345zzzzz/sso/saml/metadata

SignOn URL : https://company.okta.com/home/adobestageenv_oktasamljavaspringtest_1/xxxxxxx12345zzzzz/nd84bnf9vnwr75hsof8

I included the above Metadata URL in my Spring Boot Java app under my application.properties ==> security.saml2.metadata-url property.

Here is the SecurityConfiguration code:

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // SAML endpoints are reachable without a session
                .antMatchers("/saml*").permitAll()
                .anyRequest().authenticated()
                .and()
            .apply(saml())
                .serviceProvider()
                    // Service provider key material (the JKS keystore)
                    .keyStore()
                        .storeFilePath(this.keyStoreFilePath)
                        .password(this.password)
                        .keyname(this.keyAlias)
                        .keyPassword(this.password)
                        .and()
                    .protocol("https")
                    .hostname(String.format("%s:%s", "localhost", this.port))
                    .basePath("/")
                    .and()
                // Identity provider metadata location
                .identityProvider()
                    .metadataFilePath(this.metadataUrl);
    }

After doing this I tried to run the app and I get the following error:

2018-08-08 12:43:02.081 ERROR 23120 --- [nio-8443-exec-1] o.o.s.m.provider.HTTPMetadataProvider : Non-ok status code 403 returned from remote metadata source https://company.okta.com/api/v1/apps/xxxxxxx12345zzzzz/sso/saml/metadata
2018-08-08 12:43:02.097 INFO 23120 --- [nio-8443-exec-1] .s.m.p.AbstractReloadingMetadataProvider : Next refresh cycle for metadata provider 'https://company.okta.com/api/v1/apps/xxxxxxx12345zzzzz/sso/saml/metadata' will occur on '2018-08-08T19:48:02.083Z' ('2018-08-08T12:48:02.083-07:00' local time)
2018-08-08 12:43:02.113 ERROR 23120 --- [nio-8443-exec-1] o.o.s.m.p.AbstractMetadataProvider : Metadata provider failed to properly initialize, fail-fast=true, halting

I am still using the self-signed JKS file in my resources/saml directory as described in the project link above.

My questions:

  1. How do I solve this error?
  2. What do I do with the SignOn URL?
  3. Are there any changes that need to be made to the SecurityConfiguration.java code?

Any help will be appreciated. Thanks

Hi,

Did you get further with this and find the root cause? :slight_smile:

Thx!

B.