0D5KZ00000rsyay0AA | Okta Classic Engine | Single Sign-On | Answered | 2025-06-03T13:51:46.000Z | 2025-05-31T09:03:01.000Z | 2025-06-03T13:51:46.000Z
While login from SAML, getting 403 Forbidden Error on multiple servers

Hi,

I have created one application in which I have used SAML integration to log in. Now I am having multiple issues with it, server-wise:

  1. On the qa.uffizio.com server, when getting the callback from the OKTA SAML, my servlet is showing a 403 Forbidden issue and the code in that servlet file is not being executed.
  2. On the trakzee.uffizio.com server, when I click on login from my page, I am having the same issue on the servlet which is executed before the SAML authentication.

In both cases, I have followed every possible path to get the answer, but I am not able to debug for both.

Please find the attachment for your reference.

Screenshot of Point 1:


Screenshot of Point 2:

[REDACTED by Moderator]

 

 

Thank you,

Smit Pandya

[REDACTED by Moderator]


  • Hi @SmitP.74159 (Customer), thank you for reaching out to the Okta Community!

     

    As far as the Okta side of the configuration goes, it's pretty straightforward. Based on the information provided by the SP (service provider / app), the SAML assertion is sent including a certificate and any preconfigured attributes.

    Based on the screenshots provided, the app is rejecting the authorization. You will need to review your configuration both on the Okta side and the app side to confirm it matches.  

    You could also look into possibly troubleshooting using SAML Tracer.  

    Okta's SAML implementation typically supports both Identity Provider (IdP)-initiated and Service Provider (SP)-initiated login flows. However, some applications or configurations might only support one flow or have specific requirements that need to be met for either flow to work. You will need to confirm that on the vendor side.  

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Collect them all. Learn a new skill and earn a new Okta Learning badge.

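Added example (not part of the original thread and not Okta's code): one way to confirm that the two sides match, as the reply above suggests, is to decode the `SAMLResponse` form value captured with SAML Tracer and compare its Destination, Recipient, Audience and status against what each SP server expects. The sample response, the `example.test` URLs and the `EXPECTED_QA` values are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (unsigned, hypothetical example.test URLs).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/issuer</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://sp.example.test/saml/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/metadata</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

# Hypothetical values one SP server expects (assumption, not from the thread).
EXPECTED_QA = {
    "destination": "https://qa.sp.example.test/saml/acs",
    "recipient": "https://qa.sp.example.test/saml/acs",
    "audience": "https://sp.example.test/metadata",
    "status": "urn:oasis:names:tc:SAML:2.0:status:Success",
}

def extract_fields(saml_response_b64):
    """Decode a POST-binding SAMLResponse value and return the fields an SP checks."""
    # Diagnostic only: no signature validation, so never use this to authenticate.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    confirm = root.find(".//saml:SubjectConfirmationData", NS)
    return {
        "destination": root.get("Destination"),
        "issuer": root.findtext(".//saml:Issuer", namespaces=NS),
        "audience": root.findtext(".//saml:Audience", namespaces=NS),
        "recipient": confirm.get("Recipient") if confirm is not None else None,
        "status": status.get("Value") if status is not None else None,
    }

def find_mismatches(fields, expected):
    """Return the names of fields whose value differs from the SP's expected value."""
    return sorted(k for k, want in expected.items() if fields.get(k) != want)
```

Running `find_mismatches(extract_fields(value), expected)` once per server, with that server's own expected values, shows which field differs between the assertion and that deployment.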
  • SmitP.74159 (Customer)

    Hello Mihai, Thank you for your response.

     

    I have checked the configuration on both sides, and it is the same. Still, I am having the issue and can't figure out how to solve it. I have also checked with SAML Tracer, but it's showing me the same as it is showing me on the network. I have reached out to OKTA only after that. Can you please provide me the solution or help me out finding the solution?

     

    If you need any detail about my development, you can reach out to me; I will provide that information.

     

    Thank you

    • We can provide general guidance and documentation, but in-depth troubleshooting is outside of the Okta Community forum scope. 

      If you have an account with us and are a SuperAdmin/Case Admin, please open a case to work with my colleagues from the Support Team to investigate this further. They'll be able to access additional tools and resources to help you get to the bottom of it.  

      If you are an application vendor trying to implement a new app to be published to the Okta Integrations Network, please review the following process documentation to identify the appropriate support option.

      Publish an OIN integration

       

      Regards.

  • MatthewH.10249 (State of Iowa)

    If you feel the 403 error is coming from Okta then you should review the Okta logs to see if you are hitting a policy that is restricting access or perhaps your IP is being blocked by ThreatInsight. Here are a couple Knowledge Base articles that might help.

     

    https://support.okta.com/help/s/article/User-is-unable-to-login-with-403-forbidden-access-error?language=en_US

    https://support.okta.com/help/s/article/403-Access-Forbidden-When-Navigating-To-Login-Page?language=en_US

This question is closed.