Good morning team I m working on Okta integration today and

Question

Good morning team I m working on Okta integration today and am running into this error Mar 23 15 35 19 lt hostname gt fleet 5941 component http err response validation failed wrong audience fleet level error method POST took 8 576283ms ts 2023 03 23T15 35 19 891266573Z uri api v1 fleet sso callback I saw in a previous post where this appears to be an issue with the entity ID After looking at the metadata it looks like the Entity ID in Fleet and the metadata are identical Has anyone else run into this

Kathy Satterlee · Answer

Hey < Mike S > It definitely sounds like the Entity ID is the most likely culprit Those are case sensitive could that be a factor

Mike S. · Answer

Not that I can tell I copied pasted it but I will double check that

Mike S. · Answer

And hi < Kathy Satterlee>

zwass · Answer

Can you check your config matches <https fleetdm com docs deploying configuration okta idp configuration>

Mike S. · Answer

It does match that so we should be good there

zwass · Answer

Do you have `Entity ID` set to `fleet` in the Fleet SSO config

Mike S. · Answer

Yes

zwass · Answer

I notice the SAML you shared has an `saml2 Assertion` at the topmost level rather than a `saml2p Response` or `samlp Response` at the top level I think that s probably the issue Any idea why that would be See some example responses at <https www samltool com generic sso res php>

zwass · Answer

The examples in Okta s docs show the same top level items that we expect but your response doesn t have as well <https developer okta com docs guides saml tracer main >