<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z000080g569CAAOkta Classic EngineOkta Integration NetworkAnswered2024-04-16T12:54:29.000Z2022-08-24T17:50:28.000Z2022-08-25T17:32:45.000Z

81tyv (81tyv) asked a question.

August 24, 2022 at 5:50 PM
Can not finish a SAML integration - The SAML response does not have NameId in the assertion

I'm trying to set up a SAML integration with JIT for the identity provider but I keep having the error - The SAML response does not have NameId in the assertion.

 

I tried to decode the SAML response that came in the network browser but I could not decode the information.

  • 5 answers
  • 1.43K views

  • JaniK.29243 (Customer)

    Hi @81tyv (81tyv)​,

     

    Did you try e.g. SAML tracer? You should see the assertion without any decoding. Anyway, it sounds like the assertion doesn't have the username and that's why it is not working.

     

    -Jani

    Expand Post

    • 81tyv (81tyv)

      Hi @JaniK.29243 (Customer)​ . Thank you for the reply.

      Here is the return of SAML trace:

       

      <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

      ID="_87c866ac-ab7c-4134-ad5c-c1ff8ad594cc"

      Version="2.0"

      IssueInstant="2022-08-24T17:13:11.551Z"

      Destination="https://voxy.oktapreview.com/sso/saml2/0oa1bn33anoRCRvzh0h8"

      Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"

      >

      <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfst.mdc.edu/adfs/services/trust</Issuer>

      <samlp:Status>

      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />

      </samlp:Status>

      <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">

      <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"

      Type="http://www.w3.org/2001/04/xmlenc#Element"

      >

      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />

      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

      <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">

      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">

      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

      </e:EncryptionMethod>

      <KeyInfo>

      <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

      <ds:X509IssuerSerial>

      <ds:X509IssuerName>E=info@okta.com, CN=voxy, OU=SSOProvider, O=Okta, L=San Francisco, S=California, C=US</ds:X509IssuerName>

      <ds:X509SerialNumber>1556046927470</ds:X509SerialNumber>

      </ds:X509IssuerSerial>

      </ds:X509Data>

      </KeyInfo>

      <e:CipherData>

      <e:CipherValue>OUB7U3AGBA4Zhrr9CmP7rAKyFpXV0Rrs+YhlYwehhRvUCEwiYMH6TNlj1UctOTdAKYhF0x65UiAIBAd4z1WMFrFBkM1Td6NegK3o3LqtP3g7XH7Cq+1hpM4Lvc9dqZ5ZdbaG+sDVK3v/ygFTG0j0kBbPyGgGVKwzU/zENO83dYCvT6uKFICrpgaNZCQIB7MwIoNJBmxgAWkGQ7NifdHM2nLFYCxKl5ywD01ynKOxl8Q3Mbw0sE5o03ELb/zZ9l31nrspFfAMnOp9aVUWN4iVEOM8Lx7Ct4pbVll8fWjQZKwo+T0YMYW7yIHFF74HyBaF6sVyh3nGASiLLwMUmc8u+g==</e:CipherValue>

      </e:CipherData>

      </e:EncryptedKey>

      </KeyInfo>

      <xenc:CipherData>

      <xenc:CipherValue>8bKmnm7zvqH0uK5upex33hf9QEYZNymqzoYVGot2H1QUKiImBYl1C4s7+kMR7YbFw+l34YOqhD7FR/XooLUrjGXisRKO+GknI72/xw2ZhNyUKEBpgPp3Hp2mY7IypQGe7BgqS1yq2CNDKJi9jKuIKFdaTOHwCYHcWguz7wr2KM1IUN8vFyTnOjXVoY/tjo4sCkAhZARpIV4/z+rARKSuISL057n0K1f+efmTE5IRwxuP8bl8k4pESwV+rwZKoSSmxi/k8f6WzLuIwwWUPfkIngvanIOfNJSUttaX7jZMxZ3KgbLrY76LN2gDw044AxLlqfInUVlJW4RgTmgu+O4LB3Iej3uimWroQSJK5IX4/VxApwiyc7NSpxB6Y+Ol8tgBZmGRq7oSiyOW5kl/esIpIL5t/BuMtIxdlGWUTwNHkXBopnXU6BitWgFsW3hpwt9G7t3Amx38kxx4AsnT5O8tvskgjLydrrAbeYEmzTqvbOxMzP813gZ06pzOmesTtTiQLbK5Z3f5RabuJeTBPYQJRiNVDHP1pggNhgfS4ZxZi5spbZIiQ3+m3VLs4clHl/qTm9dGQXGjE6XDZbuRukz2ShKRtzfYvpQrRkVoqstymh8H19a07+BJqvCGQURjj/HZk0U5MftCt0CX6Mm/WLhREo0NDuV0S+ZuwSWA/DFf44G9winojga10Yy1MxIzIGDizlPsNI1sAvKabjihT7x06MAQDnKZEJY93JLV+sBeua5Ze2TO2LpKEWIwO4zl+i8ypBjJsvKrU7Qsf3QlOANEwhEZ5icmtG+nKPsO2YbqJw/Wi1BARcWK83CUktKQA8AavAMc9lL8cRpdu3CxPWbPVvXxBisWvVNd8LOw/HQMlPXAV707acMMcKe8V8C3ztHOs7LLoqcw37G0iBMFHkD70Eb6Hs80LmvmTjvxUOCYgB7cXMNird79oj5aMZv2V3jWklvoDhk63hEz6e4K6Hh8SCmzI36Ret5hMEuURDfinkunedxQgyxLNpmbpgjiGW3qnxtzeccwZNHpZoUklx9h7Vj6Ag4aQCtjTFq4xAxSBR2pDtTj0dWsJxXeNk3OdUJGEk90P0iwBZ/wo73bDV+mvpPcT3hpX6Y69nEQsguetn0+hByj/Psw643wb0OBnWsPUEMknyc3dvTYlHkPV7z3LFGvHxGi1F9ropELiRckM6VO+95uWf9qwnYPqNDmPBODuUw5f1D0vZAzg/qih1l3ozVZVnGDEsxqLTmEeiLDMmWdd1Yk/Di/p5x6Ztyo3yAP/wMoh6F5KIqthWIPqQjG3AqXJCuJ4wMCxmF385Qs7+rh6STU34w82f/RcBgZIDpXLLdEs2TltNNdK9kqkyJ5AzECi26iXc1tGKzL8ltCU9TPdkkFe8W2vM2Ey9+iYs7pZf9QHQDreFSWLmYK1wTCH75JG/b5pToNHqYHhpw1GuFqCGYTMZDMaEOElWtPS3x0dq+nx460WtPobTKKbYV+rTQyBy0JyvQJvNfUFpOVrVEaL3c/C8kDCYhiM+xvDemwxfgxKnSj7SqmK+Nllnr8bHVG0gAlzPP8N3MHADMveFCkXcGKMvFDLHq8U2bMSzECEp+y2YBJ317QfLOWDK/hST1NQpxZ0Vf3/yXPdtxOYMhQOx17OT8OA8atO47zv7gEyb4+xy8XVUauIP0XGO09S685fl+VvZNbdayGKE6OhP3MxGtgfI9aUrTaY0hsrhYm4WImyCg6iTd/EZYc789dM7fTwS9un7EHWiTzyNe3cTaoLI+/EXOiqad0tBAX2jTET5JRf2DtSGxDXPS11rDLu1sXrQhbxD5We2jqoTutqg0BwxaurHwyc5CbDYruOK6cMQh74o/V02N7LEjyMYvoAm0qkPKXGoGwLRdP89xvPwxV8IAa53njzQ39Kfq4u2/hJTfKqD0aweKWp6+7nlicQ0QYJFgMONZ/WwBStro42IvP+uZvCpREQJHoGNafTLH3hXGa6ZHEWHGcXEGQKhm8n/6Ij0YAUqHG3Ctb5xueW335y4Akiwkw4v+Ej/dSbFQ+5B500t6S17Dofiq95LH+MVlEr/GkHbPNSHTkAO1auefmk9k0qF/vm8hJCkODfGk0F8oDIjxbXVYtdBEY6qwFd5on3jXq2y9sC7gjFWEULPkcFGPOk2OnuwtCu7z27FYY59sgAF0ABNXJCuuoUwlshN/n312PyeSH24SZm58uU1WS2F8zVmV4ANwpBOWKxcql305sRSRy+pi2Lv0eNpHDUwq7gIdlc9GShkY7LWkRfCQhEvPVRJD7eqPNpEJme+rmor3L+7MbTlD7+iNLSeTj+QAPozYPbPFKS4w7OarE/bScw5uWfBX/JWnC30ipAmGlJ9/pKgd0DyeufaNhCpx3LdkXHm7U4vRkIuFc+/oTCFVSPMKcUyfDMGAyBzUcJZpCsQnpwgIkMovvjrojTbnpz47tVpXoeY4UNZJHc11UT6eGUe2OcNbIm/coCmBIM9q7phQmMVmcJAIfyKLrahApb8I4oddfTxBK7WuGbmMx/DW6xR2tKGEAHuGWiEXPKduqlPsqeWpudNPOyeOp8KCl+SCxVd65G/vm+v1tS8+wirst1D5o+rXnX8o95QeJc6WHrSikVC2stMfhBr0caQFfv3wVm3LtfZnpq4BpYYujr8EsRX2Z0l0pfToXC2AwQepqKV3uTGt0ZuG6YnlASDea910/p0r/om/J9HgHNKvINKzCSrguQLT7DMxvolHECjNzymwR0TVtLaYmQTQzu9sIqQUJpJRy/U7F1QWs2xxWmzqQgnU7vfHUxtNtd1Wki5npkZtKj2m7UBuSfFKxAI4qgNHE9wyBmYW/XF1WL+Z2VzjaA+XwervEWIZULCn1h3BtVWmgtXzWeQEEZhbteuhFpb61r91Tx6fWbmfahjuzq+VZ0dswrEBiBuA2yQGgeIK+vfgQnvPpG7Xcd0W7ucUjxyeThbEd7lLuSr0A0Z8MdQjkgNwfId+dRRLarQJYCKp9wMhTHZ7BI7vx9P43s2tpLjGzmc+RP6gZltzp0L2wuatiG1fn9vnHtiWfacZdG9exb0x8bq3d1MVVsWZ/sMsq5DiY9DWEVTZkccOLbFq1XLLf2+AzERfy8r6ByfrUZtvA/WoRiP/F7SioLYVj+4B6neVnQ3anMPH1Ws0KeCf58089R1OBZspsfWCZEdauQMWnM7m1eqD6fjugRt8VEds/gfABogMJqXtIWRZSol0N5w/+GtJ5FccaCk4/HHj30qDB14pBjCMz+FzmxM2P9TZCSbIEumVMQWwJCLXELY2aK+7VClEtkyno8VdgQyt2IJbGKpZHT2tWMgYkYET7dgP1iK/RcZMVk22igRta5Lc8XOAMXj6Tab9ewaz1/uR1h9hfznpv6Utu49op0u+J7f2tYwd213zxKMkKxmthBJurhsbzUfkg6RcRk56kqRqNVKPRBPXYoqqxTqbZU1xyIi1jjHHDRWgmawjKVZHiytSi82zJy3dK7zU6uRFczPpKDJm1wqpTAV1TGaLkFDyE2TJzcUpc+apnlQcgWbC8bZUU5bIui2pEG0a4IdsH2WNU84FtoayOLIEpA21MgtS7VxI6sA4n3F9T27VIOIHwOblE3LCLSfHU9usdCz77gFsMpAG1+6yIHQ+ZjWlN/ysulS1EvwPOA7tpHLKOzzLOyBiFp0Xej74GY18UC8Ezd0Q6gBnnAHGL0MTakUXt7A3TDokhhYqIvSRhl06VEQLABKvw7OZpBX+KtiStq/+5WhljSP4Bai/fp4tMuaGHPn6ssKLhIz0XY/xSddcic1byv232PkvTcCiD1pgIeLzYlKMdctoTYa2Xk2rMRpqkVy2+UrgBloLwRq865Ar5OMDwwhHdXc0cfG2DhucIHVXQVNdFpytDmeg52bDwaXBdv+3P3xJksdcUSik0OmAV7l8mI4xF3MokpEv9leLGpCfOnDdU3ltEpqBosJlwQR2wXcqfJw1HuETDqZKFb0qENC6IuqSDBycS2Qy+byx0RXBwRFzEFJ7VV7IF+kkR267ybi78r4DePrhyaaphOaGMY8WfAWIkhrmdjiU8izuY6XRVZvg72ml75Jl0l4XoS0AL005EGYmZQkl4KCn/XR9FByUZQ3yeVPvLmRqaw1dWNHDm2mD/lqywv+wGAqQ0d3vvSfMD3CEHqmjbwyNkEsLit5GS9JzW9ShagyHdMD8cbum2ALGhP30LlJnZCBfd8WBsx+/UeIv0F9GkuQ7p8GB2gmclzfJcghulhVmt+jGrYHBjtsro0INEoA8WxE8ZcFl9EKOo/Ezetk1WCc1kMb7LHc+gjEc/J1k2WQ3yfO4Qi0NXos+anwX9yF3NgfUB9w2YRkXDw6KdTGrl45hbpxvGmnV6zjgy+LGySjTAYgV4O3uHv9YZqaJA</xenc:CipherValue>

      </xenc:CipherData>

      </xenc:EncryptedData>

      </EncryptedAssertion>

      </samlp:Response>​

      Expand Post

      • JaniK.29243 (Customer)

        @81tyv (81tyv)​,

         

        Like you can see the assertion body is decoded and so you can't actually view it. Can you disable it and test again?

         

        -Jani

        Expand Post

      • 81tyv (81tyv)

        Thanks for the reply @JaniK.29243 (Customer)

        How can I disable the SAML response for being decoded?

  • JaniK.29243 (Customer)

    If you look at a SAML application in Okta you can switch the "Assertion Encryption" setting to unencrypted, but if you only do this on your side the whole connection will break, I believe.

     

    -Jani

This question is closed.
Loading
Can not finish a SAML integration - The SAML response does not have NameId in the assertion