
03lgs (03lgs) asked a question.
I have successfully implemented OKTA SAML authentication with Ansible. Now I am trying OKTA groups mapping with Ansible, but I am unable to achieve it.
Followed doc: https://docs.ansible.com/ansible-tower/latest/html/administration/ent_auth.html#saml-authentication-settings
OKTA: GROUP ATTRIBUTE STATEMENTS
Name: groups
Name Format: Unspecified
Filter: Matches regex: test_awx_*
How to configure from Ansible SAML Side?
I have also configured Requestable SSO URLs in the Okta application, but on redirection from OKTA to the Ansible application we are getting the error below:
https://test-ans.net/sso/complete/saml/ is not a valid audience for this Response
2023-03-13 12:03:01,540 ERROR social Authentication failed: SAML login failed: ['invalid_response'] (https://test-ans.net/sso/complete/saml/ is not a valid audience for this Response)
We are trying to use the same OKTA SAML application for stage and production. Guys, please have a look and let me know if more details are required from my end. Thanks

Hello @mdlxt (mdlxt), thank you for reaching out to our Community!
For settings on the application side, we recommend reaching out to Ansible support for additional guidance. In the meantime I was able to find this doc that might provide some assistance:
https://docs.ansible.com/ansible-tower/latest/html/administration/ent_auth.html#saml-authentication-settings
For the Requestable SSO URL, that needs to be a valid SSO URL on the application side. If you are looking for a redirect to a specific side of the app, you could use the Default Relay state on the Sign On tab in the Okta application.
Hi @Paul S. (Okta, Inc.)
Thanks for your quick response. I am following the doc you shared above. Currently I am using the following setting on the OKTA side:
OKTA: GROUP ATTRIBUTE STATEMENTS
Name: groups
Name Format: Unspecified
Filter: Matches regex: test_awx_*
May I know whether the above configuration is correct or not?
Also, we are using multiple tenants for one OKTA SAML application; for that we are using Requestable SSO URLs to configure the multiple URLs with the same certificate and different keys. May I know whether we are missing anything, or whether there is another way to implement this? Please let me know.
Technically what you have there is correct; however, you also need to know whether this information is accepted by Ansible AWX. If it is accepted there, all should be right. You can test and see whether this information is indeed sent in the SAML assertion with SAML Tracer:
https://developer.okta.com/docs/guides/saml-tracer/main/#sp-initiated-flow
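As an added example (not part of this thread), a small Python script that inspects a decoded SAML Response the way you would after capturing it with SAML Tracer: it lists the Audience values the IdP placed in the assertion, compares them with the SP entity ID the application expects (the value AWX quoted in the error above), and pulls out the groups attribute to confirm Okta actually sent it. The assertion XML and the stage audience URL are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Assertion namespace used in a SAML 2.0 Response.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, minimal SAML Response of the kind SAML Tracer shows after
# base64 decoding. All values are sample data, not from a real tenant.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://stage-ans.example.net/sso/metadata/saml/</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml:AttributeValue>test_awx_admins</saml:AttributeValue>
        <saml:AttributeValue>test_awx_ops</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def audiences(response_xml):
    """Every Audience the IdP restricted this assertion to."""
    root = ET.fromstring(response_xml)
    return [a.text.strip() for a in root.iterfind(".//saml:Audience", NS)]


def attribute_values(response_xml, name):
    """Values of the named SAML attribute, or [] if the IdP did not send it."""
    root = ET.fromstring(response_xml)
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == name:
            return [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)]
    return []


def check_response(response_xml, sp_entity_id, group_attr="groups"):
    """Is the SP's entity ID an accepted Audience, and which groups were sent?"""
    auds = audiences(response_xml)
    return {
        "audience_ok": sp_entity_id in auds,
        "audiences": auds,
        "groups": attribute_values(response_xml, group_attr),
    }
```

Running `check_response(SAMPLE_RESPONSE, "https://test-ans.net/sso/complete/saml/")` on the sample reproduces the situation in the error above: the groups are present, but the audience list does not contain the SP entity ID, so the response would be rejected.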