So I’ve been testing out the new ‘IDP as a factor’ functionality and for testing purposes, I was able to configure another IDP to act as a factor.
However, I’m now trying a different IDP (Keycloak), and while I can get the SAML flow to work properly, it always fails at the final step when the SAML assertion is sent back to Okta.
The only thing in the System log is “Unable to validate incoming SAML Assertion”.
I’ve looked at the assertion in SAML tracer, and it seems like it’s good. And I’ve double-checked that both sides agree on the certificate, signing algo, etc.