spring Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Okta Service AccountOkta Service Account 


I'm follow the instruction on 
Everything work fine on http 

When I change sso url to https, I got the following error
- Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response
- SAML message intended destination endpoint 'https://xxx.ap-southeast-1.elb.amazonaws.com/spring-security-saml2-sample/saml/SSO' did not match the recipient endpoint 'http://xxx.ap-southeast-1.elb.amazonaws.com/spring-security-saml2-sample/saml/SSO'

Anyone have solution about this?
Best Answer chosen by Niki (Okta, Inc.) 
James FloresJames Flores (Okta, Inc.)
It sounds like a mismatch in the URL's, do you have access to both ends of this configuration?  If so you will need to check that the recipent is expecting inbound connections from the https address.  Also are the certs in place for the  SSL connection, I found this documentaiton that might help you. http://docs.spring.io/spring-security-saml/docs/1.0.x/reference/html/configuration-metadata.html#configuration-metadata-https