Hi, I’m trying to get an OKTA SAML integration for NiFi. I set up nifi.properties using the information provided by okta. The domain information is dummy for security reasons. I set up the entityId and ACS information in okta correctly.
<nifi.properties>
nifi.security.user.saml.idp.metadata.url=https://okta-site.com/nifi/okta-saml/metadata.xml
nifi.security.user.saml.sp.entity.id=mysite-entity-id
nifi.security.user.saml.identity.attribute.name=
nifi.security.user.saml.group.attribute.name=
nifi.security.user.saml.request.signing.enabled=false
nifi.security.user.saml.want.assertions.signed=true
nifi.security.user.saml.signature.algorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
nifi.security.user.saml.authentication.expiration=12 hours
nifi.security.user.saml.single.logout.enabled=false
nifi.security.user.saml.http.client.truststore.strategy=JDK
nifi.security.user.saml.http.client.connect.timeout=30 secs
nifi.security.user.saml.http.client.read.timeout=30 secs

But I’m getting a 401 error in ACS (/nifi-api/access/saml/login/consumer) for processing SAML Assertion after SAML authentication from okta. The payload SAMLResponse delivered to ACS after OKTA login contains user information as expected. Is there anything else I should look at to resolve this error?

And I received one cert file from okta, how am I supposed to use this? The metadata.xml file provided by okta also contained the contents of that certificate.

I’ll also add the nifi-user.log trace information.

2024-02-29 01:50:52,689 DEBUG [NiFi Web Server-110] o.a.n.w.s.c.StandardApplicationCookieService Added Session Cookie [__Secure-Request-Token] URI [https://my-site.com:443]
2024-02-29 01:50:52,689 DEBUG [NiFi Web Server-110] o.a.n.w.s.NiFiAuthenticationFilter Authenticating [null]
2024-02-29 01:50:52,689 DEBUG [NiFi Web Server-110] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request.
2024-02-29 01:50:52,689 TRACE [NiFi Web Server-110] o.a.n.w.s.j.r.StandardBearerTokenResolver Bearer Token not found in Header or Cookie
2024-02-29 01:50:52,694 DEBUG [NiFi Web Server-110] o.a.n.w.s.c.StandardApplicationCookieService Removed Cookie [__Secure-SAML-Request-Identifier] URI [https://my-site.com:443]

[image: Screenshot 2024-02-29 at 1.42.52 AM.png]

Have a nice day :)
