Spring-security-saml-dsl without Spring Boot

I’ve got this example to work. https://developer.okta.com/blog/2017/03/16/spring-boot-saml

I have an legacy app that I would like to secure the REST endpoints. Backend is a standard Springframework app that is deployed to Tomcat.

Have anyone gotten it to work?

I’ve got it mostly working, app allows me to login through Okta then I am getting this error
HTTP Status 401 - Authentication Failed: Incoming SAML message is invalid

I believe the error is from SAMLProcessingFilter.java -> SAMLProcessorImpl.java line 105.

Am I missing some configuration or some dependency?

I am using the SecurityConfiguration.java from the example.

Here is a web.xml:

<servlet>
    <servlet-name>rest</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>rest</servlet-name>
    <url-pattern>/resources/*</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

Here is the applicationsContext.xml

<context:annotation-config/>
<context:component-scan base-package="com.example"/>
<context:component-scan base-package="org.springframework.security.saml"/>

Can you share what you have done to get spring-security-saml-dsl to work without spring boot to authenticate users with Okta? We also have legacy spring apps with spring mvc/jsp. Examples are much appreciated!