Okta SSO not working

I am having trouble getting SAML integrated with Elastic. I used a 14-day trial and got it to work there, but now that I have tried to integrate it into our production environment I am getting errors.

Below is the YAML for our prod environment that isn't working. This is roughly the same as what was used in our dev environment, except some of the values were different due to us using Okta preview as opposed to Okta for testing.

xpack.security.authc.realms.saml:
  saml1:
    order: 2
    idp.metadata.path: 'https://company.okta.com/app/exklsxxxxxxx/sso/saml/metadata'
    idp.entity_id: 'http://www.okta.com/exklsxxxxxxxxxx'
    sp.entity_id: 'https://company.kb.us-east-1.aws.found.io:9243' # Make sure there is no trailing "/"
    sp.acs: 'https://company.kb.us-east-1.aws.found.io:9243/api/security/saml/callback'
    sp.logout: 'https://company.kb.us-east-1.aws.found.io:9243/logout'
    attributes:
      # Or replace with another SAML provider attribute you prefer to map to the username
      principal: nameid

This is the documentation I followed.

I would also like to note that we are using a cloud-hosted environment.

You should open a support ticket since you are on Elastic Cloud... After all, you're paying for support. This is just the community site :)

Hi! So they actually referred me here, since we don’t pay for consulting support, only fix/break support.

Ahhh, I/C. Yes, that has changed recently, apologies!

Well, you're in the wrong docs... you are in Enterprise Search; you should be in Elasticsearch Service (Elastic Cloud). Take a look.

Normal SAML

Here is the OpenID Okta example, I think.