Yuta Shimizu

Kintone SAML SSO failed with an error

I activated the Okta verified "kintone" application following this instruction.
http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Kintone.html

But SSO from the Okta console failed with the message: "SAMLResponseに対応するAuthnRequestがありません。(AuthnRequest for SAMLResponse is not found.)" on https://acme.cybozu.com/saml/acs

But SAML SSO seems to be working. I can access my account page from https://acme.cybozu.com/ without id/password input.

Do you have any idea how to fix it?

P.S. Kintone only supports SP initiated flow. 
 

Best Answer chosen by Yuta Shimizu
Vlad Ivascu (Okta, Inc.)
Hello Yuta, 

Since Kintone only supports SP-initiated flows, you will not be able to log in with SAML from Okta with the Kintone app itself.

I would recommend creating a Bookmark application, adding the SP URL in the bookmark app, and assigning this application to your users. Doing this will send your users to Kintone from Okta to simulate an IDP-initiated login.

You will still keep the initial Kintone application (because it is how you are authenticating via SAML) and you can choose to hide it from your users by selecting the boxes for Application visibility in the General tab to not display the app to users. 

If you encounter any issues please don't hesitate to open a Support ticket and we will be happy to assist. 

Thank You,

Vlad Ivascu
Technical Support Engineer
Okta Global Customer Care

Yuta Shimizu
Hello Vlad,

Thanks for your reply. Your instruction works like a charm. :)
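
The error quoted in the question is consistent with a service provider that correlates every SAMLResponse with an AuthnRequest it issued: a response sent from the IdP dashboard is unsolicited and carries no `InResponseTo` to match. The check below is an added example, not Kintone's or Okta's code; `PendingRequests`, `sample_response` and the 300-second lifetime are hypothetical, and signature validation is assumed to have happened before this step.

```python
import base64
import secrets
import time
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class PendingRequests:
    """IDs of AuthnRequests this SP has issued and not yet seen answered (hypothetical helper)."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self._issued = {}  # request ID -> issue time (epoch seconds)

    def new_request_id(self, now=None):
        # Called when the SP starts an SP-initiated login and redirects to the IdP.
        rid = "_" + secrets.token_hex(16)
        self._issued[rid] = time.time() if now is None else now
        return rid

    def check_response(self, saml_response_b64, now=None):
        """Return (accepted, reason) for a base64 SAMLResponse POSTed to the ACS URL."""
        now = time.time() if now is None else now
        # Assumption: a real SP uses a hardened XML parser and has already verified the signature.
        root = ET.fromstring(base64.b64decode(saml_response_b64))
        if root.tag != f"{{{SAMLP}}}Response":
            return False, "not a samlp:Response"
        rid = root.get("InResponseTo")
        if not rid:
            # IdP-initiated (unsolicited) response: nothing to correlate it with.
            return False, "unsolicited response (no InResponseTo)"
        issued_at = self._issued.pop(rid, None)  # pop: each request ID is accepted once
        if issued_at is None:
            return False, "no matching AuthnRequest"
        if now - issued_at > self.ttl:
            return False, "AuthnRequest expired"
        return True, "ok"

def sample_response(in_response_to=None):
    # Constructed sample message: unsigned, no Assertion, only the attribute under test.
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"{attr}/>'
    return base64.b64encode(xml.encode()).decode()
```

An SP that enforces this correlation rejects replayed and unsolicited responses, which is why the bookmark workaround sends users to the SP URL first so that the SP issues its own AuthnRequest.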