SAML2 fails with IdP-initiated login

Product: PowerShell Universal
Version: 3.3.3

I have set up SAML2 with Okta using the documentation. When I access PSU and am redirected to Okta, login succeeds and I’m redirected to the desired page. When I click the app icon in Okta, I end up on the /Saml2/Acs endpoint and SAML-tracer shows that I’m getting a 500 error.

In the log file there is a corresponding error generated:

2022-09-20 09:30:26.201 -05:00 [ERR] Connection id "0HMKR1PQ16I87", Request id "0HMKR1PQ16I87:0000000F": An unhandled exception was thrown by the application.
Sustainsys.Saml2.Exceptions.Saml2ResponseFailedValidationException: Unsolicited responses are not allowed for idp "http://www.okta.com/app_id_here".
   at Sustainsys.Saml2.Saml2P.Saml2Response.CheckIfUnsolicitedIsAllowed(IOptions options, IdentityProvider idp)
   at Sustainsys.Saml2.Saml2P.Saml2Response.CreateClaims(IOptions options, IdentityProvider idp)+MoveNext()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Sustainsys.Saml2.Saml2P.Saml2Response.GetClaims(IOptions options, IDictionary`2 relayData)
   at Sustainsys.Saml2.WebSso.AcsCommand.ProcessResponse(IOptions options, Saml2Response samlResponse, StoredRequestState storedRequestState, IdentityProvider identityProvider, String relayState)
   at Sustainsys.Saml2.WebSso.AcsCommand.Run(HttpRequestData request, IOptions options)
   at Sustainsys.Saml2.AspNetCore2.Saml2Handler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

I am tracking this here. SAML2 fails with IDp initiated login · Issue #1581 · ironmansoftware/issues · GitHub

I actually haven’t even tried to configure it via the IdP-initiated login so I’m concerned we are missing something in PSU.
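
Added example, not part of the thread and not PSU or Sustainsys code: in SAML 2.0 an IdP-initiated (unsolicited) response carries no InResponseTo attribute, which is the case the CheckIfUnsolicitedIsAllowed frame in the log rejects. The sketch below classifies a captured base64 SAMLResponse value on that attribute; the sample message, the psu.example.test host and the pending_request_ids parameter are constructed assumptions, and it inspects the envelope only, without validating signatures.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def classify_saml_response(b64_response, pending_request_ids=()):
    """Classify a base64 SAMLResponse POST value by how it was initiated.

    pending_request_ids: IDs of AuthnRequests the SP has sent and not yet
    seen answered (hypothetical input; a real SP keeps this state itself).
    """
    xml_bytes = base64.b64decode(b64_response, validate=True)
    # SAML messages never need a DTD; refuse one rather than parse it.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % SAMLP:
        raise ValueError("not a samlp:Response")

    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        flow = "idp-initiated"    # unsolicited: no AuthnRequest to match
    elif in_response_to in pending_request_ids:
        flow = "sp-initiated"     # answers a request this SP issued
    else:
        flow = "unknown-request"  # claims a request the SP never sent
    return {
        "issuer": root.findtext("{%s}Issuer" % SAML),
        "destination": root.get("Destination"),
        "in_response_to": in_response_to,
        "flow": flow,
    }


def build_sample(in_response_to=None):
    """Constructed sample response (unsigned, no assertion), base64-encoded."""
    attr = ' InResponseTo="%s"' % in_response_to if in_response_to else ""
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
        'Version="2.0" Destination="https://psu.example.test/Saml2/Acs"%s>'
        "<saml:Issuer>http://www.okta.com/app_id_here</saml:Issuer>"
        "</samlp:Response>" % (SAMLP, SAML, attr)
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(classify_saml_response(build_sample()))
    print(classify_saml_response(build_sample("id-1234"), {"id-1234"}))
```

A response from the Okta app icon should come back as "idp-initiated", while one from the PSU redirect flow should carry an InResponseTo matching the request PSU issued.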