The following error is seen when trying to access the Okta Access Gateway (OAG) Admin Console.
Configuration error
SimpleSAML.php appears to be misconfigured.
This may occur after first setting up an OAG node and adding an application or upon disabling/enabling Trusted Domains from the OAG Management Console. An existing Admin Console session may not be affected, but the next attempt to access the Admin Console may result in this error without even reaching the login prompt.
- Okta Access Gateway (OAG)
OAG pulls information about Trusted Domains from the Okta IdP and internally keeps a list of these Trusted Domains in a PHP file. OAG will populate this Trusted Domains file when creating an application or when the Trusted Domains feature is disabled/enabled.
The issue is caused by a Trusted Domain on the Okta IdP side whose URL contains a special character that breaks the OAG's internal Trusted Domain file syntax.
- Example (note the apostrophe ' at the end of the URL):
NOTE: By default, the Okta Admin Console may prevent adding some special characters to the URL. However, this is still possible by using URL percent-encoding.
- On the Okta Identity Provider (IdP) side, either remove the problematic special character from the Origin URL of the Trusted Domain or delete that Trusted Domain altogether if it is no longer needed.
- From the OAG Management Console, disable and then re-enable Trusted Domains.
If the problematic Trusted Domain cannot be identified, please check the contents of the internal Trusted Domains file via the OAG Console Shell. Run the following command from the shell to print the contents of the file:
sudo cat /opt/oag/configs/simpleSAMLphp/config/trusteddomains.php
If further assistance is required, please open a case with Support and provide the output of the above command.
