ChrisR.90670 (Customer) asked a question.
Hello, I'm trying to intergrate Okta with Duo via SAML where Okta is the IDP and Duo acts as the SP. I've configured a SAML app in Okta and have configured Duo with the necessary Okta information, but it looks like Duo expects Okta to send an encrypted assertion and it is not doing it. Reading up on the issue it appears there used to be an option in Okta's SAML settings to allow encrypting the assertion (see for example https://stackoverflow.com/questions/40114261/how-encrypt-and-decrypt-a-saml-assertion)
But the options they talk about in that stackoverflow as well as the documentation referenced do not exist any longer in Okta it appears. Was this feature previously available but no longer available? Or is there some way I'm not seeing to activate the encryption?
do you add duo by OIN or by create application with wizard? this option should available in advance setting by create application with wizard.
Hello @ChrisR.90670 (Customer) Thank you for reacting out to our Community!
The option is still there, for Custom SAML application. If you are using a Custom SAML app, this option under the General tab of the application->SAML Settings-> Configure SAML->Show Advanced Settings and change "Assertion Encryption" from Unencrypted to Encrypted. Please note that you will also need a certificate for this. This is usually provided by the SP.
Please see below a screenshot with the settings and our doc as well:
https://help.okta.com/oie/en-us/content/topics/apps/aiw-saml-reference.htm
Community members help others by clicking Like or Select as Best on responses. Try it today.
What you missed: new product releases and other announcements
Thank you @paul.stiniguta1.508386743840768E12 (Okta, Inc.) but I think we are seeing different things. Maybe I'm not using the right integration? I set up this app integration:
In the "General" tab there are no SAML settings. I only see this:
The "Sign On" tab does have some of the settings shown in your screenshot, but nothing about assertion encryption.
Both your comment and the previous person's comment make reference to a "wizard" to help set up the app, but I don't see any wizard in my account. It shouldn't be that hard to find, should it?
Any idea what I'm doing wrong here?
Hello @ChrisR.90670 (Customer), The application that we usually recommend for SAML applications that is located under Applications -> Create App Integration and from the menu that appears select SAML 2.0.
Community members help others by clicking Like or Select as Best on responses. Try it today.
What you missed: new product releases and other announcements
Ah thanks for that. Yes, creating an application that way does appear to have all those fields. I wonder what a good use case is for the SAML application that I found in the app catalog