
NareshD.49311 (Customer) asked a question.
I am working on a use case where Okta is integrated with an application using SSO via the SAML protocol. Now, the application needs to call one of Okta’s OAuth servers with the SAML response to obtain an access token or ID token, so that the user can be authenticated without requiring them to log in again—this is needed to interact with a bot that asks the user some questions. However, when we try to call the API from the application using the SAML 2.0 Assertion flow, we encounter the following error:
{
"error": "invalid_grant",
"error_description": "'assertion' is not a valid SAML 2.0 Assertion."
}
Has anyone implemented this grant type before? What is the solution for this error? Any guidance would be helpful.

Hello @NareshD.49311 (Customer), thank you for contacting Okta Community.
There is a previous post addressing this error in more detail:
Facing Assertion Invalid Issue in SAML 2.0 Assertion Grant
Additionally, if you have a paid account, you can open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth troubleshooting. You could also provide more details in a ticket that shouldn’t be given here, as this is a public space.
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
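
An added example, not part of the thread and not Okta's code: RFC 7522 requires the `assertion` parameter of the SAML 2.0 bearer grant to carry a single `<saml:Assertion>` element encoded as base64url, so this sketch classifies a candidate value before it is posted to the token endpoint. The function names and the sample XML are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed samples (unsigned, minimal), for illustration only.
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_constructed" Version="2.0"/>'
).encode()
SAMPLE_RESPONSE = (
    f'<samlp:Response xmlns:samlp="{SAMLP_NS}" Version="2.0">'.encode()
    + SAMPLE_ASSERTION + b"</samlp:Response>"
)


def b64url(data: bytes) -> str:
    """base64url without padding, as RFC 7522 recommends."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_param(value: str) -> str:
    """Classify a candidate `assertion` form value (hypothetical helper)."""
    if "+" in value or "/" in value:
        return "standard base64 alphabet used; RFC 7522 requires base64url"
    try:
        padded = value + "=" * (-len(value) % 4)
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
    except (binascii.Error, ValueError):
        return "not decodable as base64url"
    if b"<!DOCTYPE" in raw:
        # Never expand DTDs or entities in SAML input.
        return "DTD present; refusing to parse"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return "decoded bytes are not well-formed XML"
    if root.tag == f"{{{SAMLP_NS}}}Response":
        n = len(root.findall(f"{{{SAML_NS}}}Assertion"))
        return f"whole samlp:Response sent ({n} Assertion inside); send the Assertion element only"
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return f"unexpected root element {root.tag}"
    return "ok"
```

The check only diagnoses the value. When a signed assertion is taken out of a response, its bytes should be forwarded verbatim, because re-serializing the element through an XML library can invalidate the signature.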