Okta Classic Engine | Okta Integration Network | Answered | 2024-04-18T09:33:59.000Z | 2016-07-28T18:31:14.000Z | 2019-02-19T22:02:06.000Z
How do I use the Okta IdP metadata to set up SAML on the Service Provider side?
Hi there,

I am currently trying to make a custom Java application SAML enabled. I have set up the application as a SAML app in the Okta admin application. The directions in "How to Configure SAML 2.0" then provide the IdP Single Sign-On URL, IdP Issuer, and the X.509 certificate.

How would I use this information in order to make my Service Provider (custom Java app) SAML enabled, so that it can then communicate with Okta via the Okta SAML Toolkit?

Thanks for the help in advance!

  • g4970 (g4970)

    Hi James,

    I am not using the Spring Framework for this application. Are the steps the same as far as Service Provider metadata goes? Ideally I can just utilize the Okta SAML Toolkit to communicate with Okta, but I need the proper SP metadata to pull from.

    The main issue at hand is that I do not know how to use the information provided by Okta in order to formulate the SP metadata that I can then include in the custom Java app.

    Thanks for the prompt reply!
  • Hi Daniel,

    Are you using the example webapp? In the Okta SAML Toolkit, check out:

    Okta-SAMLToolkit/examples/webapp/doc/README.html

    Thanks,

    Gabriel Sroka
  • g4970 (g4970)

    Hi Gabriel,

    I have read the README and looked at the examples provided. However, in the Okta-SAMLToolkit/examples/webapp/src/main/resources/valid-config.xml it says that you can replace the commented out portion with valid "Template SAML 2.0 Metadata".

    I have replaced the commented section of this file with the metadata provided by Okta for my custom application. However, when I run my program, an error is thrown as soon as the SamlValidator tries to configure using the .xml file I created. Any advice on where to start looking?

    Thank you so much.
  • Hi Daniel,

    Can you verify it's valid XML? Do you have an XML editor or validator? Can you paste a copy here?

    Thanks,

    Gabriel Sroka
  • g4970 (g4970)

    I validated that it was syntactically correct. The current XML that I am using is the following (I have replaced my actual company name with mycompany):

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <applications>
        <application>
          <md:EntityDescriptor entityID="http://www.okta.com/exk6o98iwmuUMtJDq0h7" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
            <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false">
              <md:KeyDescriptor use="signing">
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:X509Data>
                    <ds:X509Certificate> *copied from Okta admin backend* </ds:X509Certificate>
                  </ds:X509Data>
                </ds:KeyInfo>
              </md:KeyDescriptor>
              <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
              <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
              <md:SingleSignOnService Location="https://mycompany.oktapreview.com/app/mycompany_interfacesdjsminlocal_1/exk6o98iwmuUMtJDq0h7/sso/saml" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
              <md:SingleSignOnService Location="https://mycompany.oktapreview.com/app/mycompany_interfacesdjsminlocal_1/exk6o98iwmuUMtJDq0h7/sso/saml" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
            </md:IDPSSODescriptor>
          </md:EntityDescriptor>
        </application>
      </applications>
    </configuration>
  • Hi Daniel,

    The out-of-the-box valid-config.xml has a <default> element:

    <default>http://www.okta.com/k1nrrxspKOQEZEDLPRXR</default>

    but your XML file doesn't.

    Can you give it a try (using your entity ID URL)?

    Thanks,

    Gabriel Sroka
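A sanity check for the toolkit configuration this thread is about, added here as an example and not code from the Okta SAML Toolkit or from any poster: it parses a valid-config.xml style document and reports the problems raised above (XML that is not well-formed, a placeholder instead of the real signing certificate, no HTTPS endpoint for the HTTP-POST binding, and a missing or mismatched <default>). The placement of <default> directly under <configuration>, the `sample_config` helper and its SSO URL are assumptions.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"           # namespaces in the pasted Okta metadata
DS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ENTITY_ID = "http://www.okta.com/exk6o98iwmuUMtJDq0h7"  # IdP entityID quoted in the thread

def check_toolkit_config(xml_text):
    """Problems found in a valid-config.xml style document; [] means all checks passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as e:               # first thing asked in the thread: is it valid XML?
        return [f"not well-formed XML: {e}"]
    problems, entity_ids = [], []
    for app in root.iter("application"):
        ed = app.find(f"{{{MD}}}EntityDescriptor")
        idp = None if ed is None else ed.find(f"{{{MD}}}IDPSSODescriptor")
        if idp is None:
            problems.append("<application> lacks md:EntityDescriptor/md:IDPSSODescriptor")
            continue
        entity_ids.append(eid := ed.get("entityID", ""))
        # The signing cert must be the base64 DER copied from Okta, not a placeholder.
        cert = idp.findtext(f"{{{MD}}}KeyDescriptor[@use='signing']/{{{DS}}}KeyInfo/"
                            f"{{{DS}}}X509Data/{{{DS}}}X509Certificate", "").strip()
        if not re.fullmatch(r"[A-Za-z0-9+/=\s]+", cert):
            problems.append(f"{eid}: signing X509Certificate missing or not base64")
        # Browsers are POSTed to this endpoint, so require HTTPS on the HTTP-POST binding.
        sso = [s.get("Location", "") for s in idp.findall(f"{{{MD}}}SingleSignOnService")
               if s.get("Binding") == POST]
        if not sso or not all(u.startswith("https://") for u in sso):
            problems.append(f"{eid}: no HTTPS SingleSignOnService with HTTP-POST binding")
    default = root.findtext("default", "").strip()  # assumed: direct child of <configuration>
    if not default:
        problems.append("missing <default> element (the toolkit's valid-config.xml has one)")
    elif default not in entity_ids:
        problems.append(f"<default> {default} matches no application entityID")
    return problems

def sample_config(cert, with_default):
    """Constructed config in the shape posted in the thread; the SSO URL is made up."""
    default = f"<default>{ENTITY_ID}</default>" if with_default else ""
    return f"""<?xml version="1.0" encoding="UTF-8"?><configuration>{default}<applications><application>
<md:EntityDescriptor entityID="{ENTITY_ID}" xmlns:md="{MD}">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
<ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:SingleSignOnService Binding="{POST}"
 Location="https://mycompany.oktapreview.com/app/example_1/exk6o98iwmuUMtJDq0h7/sso/saml"/>
</md:IDPSSODescriptor></md:EntityDescriptor></application></applications></configuration>"""
```

Running `check_toolkit_config(sample_config("*copied from Okta admin backend*", False))` reproduces the two defects in the posted file (placeholder certificate, no <default>), while the same config with a real base64 certificate and `with_default=True` returns an empty list.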
  • yv0lu (yv0lu)

    Hi,

    I have the same exact issue. I have verified the XML (valid-config.xml) - it is well formed and according to the sample given in the saml-toolkit.

    Can you please post your solution?
This question is closed.