Ryan 07/12/2022, 12:55 PM
There was an error with single sign-on. Please contact your Fleet administrator.
fleet: level=error ts=2022-07-12T12:55:25.527528789Z component=http user=unauthenticated method=POST uri=/api/v1/fleet/sso/callback took=3.385322ms err="response validation failed: wrong audience:fleet"
Kathy Satterlee 07/12/2022, 2:16 PM
set up in Fleet doesn't exactly match with the one in your identity provider configuration.
Ryan 07/12/2022, 3:11 PM
Kathy Satterlee 07/12/2022, 3:43 PM
Ryan 07/12/2022, 4:15 PM
attribute, and the value of entityID there matches
<md:EntityDescriptor entityID="bla" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
Identity Provider Issuer
, should that be set to something else?
Kathy Satterlee 07/12/2022, 4:59 PM
Ryan 07/12/2022, 5:00 PM
Kathy Satterlee 07/12/2022, 5:01 PM
Ryan 07/12/2022, 5:01 PM
Kathy Satterlee 07/12/2022, 5:08 PM
have you created the app on the Okta side yet? Assuming that it's a SAML app, your entity ID is usually in the PDF that Okta provides in the sign on tab.
Ryan 07/13/2022, 8:44 AM
Kathy Satterlee 07/13/2022, 2:04 PM