I’m trying to use a custom SAML Identity Provider to access our Okta Admin portal. What we want to implement is an IdP Initiated flow, where Okta serves as SP and our IdP acts as IdP and initiates the login flow to the Admin portal.
I’ve already configured the SAML Identity Provider and the routing rule for this provider, but the login request with a SAML Response containing a SAML Assertion returns this page:
I cannot see any events associated with this request that were recorded in the System Log of our Okta Organization.
Some things that we’ve already (unsuccessfully) tried:
- We can confirm that requests are arriving at Okta OK, as changing --data-urlencode to --data-raw leads to a System Log entry with the message “The incoming message is not a valid SAMLResponse”
- We used an external tool to validate that the SAML Response is OK: SAML Response Validator - Validate SAML Metadata, Signatures & Certificates
- We tried doing some modifications to the SAML Response, with no success
I know that using an external SAML IdP to access the admin console is possible, as I’ve done it before using Auth0 as my IdP in an SP initiated flow. But is it possible to do the same with an IdP Initiated flow? If so, what am I doing wrong?
Many thanks
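For anyone debugging an unsolicited (IdP-initiated) response like this one, here is a small checker for the SP-side conditions such a response usually has to satisfy: no InResponseTo, Destination and SubjectConfirmationData/Recipient equal to the ACS URL, an Audience matching the SP entity ID, a valid NotBefore/NotOnOrAfter window, and a signature present on the Response or Assertion. This is an added example, not Okta's code; the ACS URL, entity ID and sample response are constructed placeholders, and it checks that a signature is present, not that it verifies.

```python
"""Basic SP-side checks on an unsolicited (IdP-initiated) SAML Response. Added example, not Okta's code."""
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def _ts(value):  # SAML xs:dateTime such as 2024-01-01T12:00:00Z -> aware datetime
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_unsolicited_response(b64_response, acs_url, sp_entity_id, now=None):
    """Return a list of findings; an empty list means every check passed (signature presence only)."""
    now, findings = now or datetime.now(timezone.utc), []
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.get("InResponseTo"):  # unsolicited: the SP never sent an AuthnRequest to answer
        findings.append("InResponseTo set on an unsolicited response")
    if root.get("Destination") != acs_url:
        findings.append("Destination does not match the SP's ACS URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        findings.append("StatusCode is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["no plaintext saml:Assertion (missing or encrypted)"]
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        findings.append("neither Response nor Assertion carries a ds:Signature")
    aud = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or (aud.text or "").strip() != sp_entity_id:
        findings.append("Audience does not match the SP entity ID")
    cond = assertion.find("saml:Conditions", NS)  # validity window; NotOnOrAfter is exclusive
    for attr, bad in (("NotBefore", lambda t: now < t), ("NotOnOrAfter", lambda t: now >= t)):
        if cond is not None and cond.get(attr) and bad(_ts(cond.get(attr))):
            findings.append(f"assertion outside its validity window ({attr})")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None and scd.get("Recipient") not in (None, acs_url):
        findings.append("SubjectConfirmationData/Recipient does not match the ACS URL")
    return findings

# Constructed, unsigned sample with placeholder URLs (not real Okta endpoints or identifiers)
ACS_URL, SP_ENTITY_ID = "https://sp.example.test/acs", "https://sp.example.test/metadata"
SAMPLE_RESPONSE_B64 = base64.b64encode(f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z" Destination="{ACS_URL}">
 <saml:Issuer>https://idp.example.test</saml:Issuer><samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"><saml:Issuer>https://idp.example.test</saml:Issuer>
 <saml:Subject><saml:NameID>admin@example.test</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
 <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"><saml:AudienceRestriction>
 <saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>""".encode())
```

Running `check_unsolicited_response(SAMPLE_RESPONSE_B64, ACS_URL, SP_ENTITY_ID)` with a clock inside the window reports only the missing signature; pass the base64 from your own POST body (after URL-decoding) and your ACS URL and entity ID to see which of these conditions your response fails.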