
I have been trying to configure SAML (Okta) on AWX without success for some time now. The user is getting a "400: Bad Request, Error Code: GENERAL_NONSUCCESS" error.

The current SAML configuration:

SAML_AUTO_CREATE_OBJECTS: false
SOCIAL_AUTH_SAML_SP_ENTITY_ID: 'AWXURL'
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: "{{ lookup('ansible.builtin.file', './cert.pem') }}"
SOCIAL_AUTH_SAML_SP_PRIVATE_KEY: "{{ lookup('ansible.builtin.file', './key.pem') }}"
SOCIAL_AUTH_SAML_ORG_INFO: {
  "en-US": {
    "name": "OKTA",
    "url": "AWXURL",
    "displayname": "OKTA"
  }
}
SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: {
  "emailAddress": "foo@bar.com",
  "givenName": "FOO"
}
SOCIAL_AUTH_SAML_SUPPORT_CONTACT: {
  "emailAddress": "foo@bar.com",
  "givenName": "FOO"
}
SOCIAL_AUTH_SAML_ENABLED_IDPS: {
  "okta": {
    "attr_email": "Email",
    "attr_first_name": "FirstName",
    "attr_last_name": "LastName",
    "attr_user_permanent_id": "name_id",
    "attr_username": "UserName",
    "entity_id": "http://www.okta.com/ID",
    "url": "https://ORG.oktapreview.com/app/APP/ID/sso/saml",
    "x509cert": "MIIIIIIIIIIIIII"
  }
}
SOCIAL_AUTH_SAML_SECURITY_CONFIG:
  requestedAuthnContext: false
SOCIAL_AUTH_SAML_SP_EXTRA:
SOCIAL_AUTH_SAML_EXTRA_DATA:
SOCIAL_AUTH_SAML_ORGANIZATION_MAP: {
  "FOO": {
    "admins": true,
    "users": true
  }
}
SOCIAL_AUTH_SAML_TEAM_MAP:
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: {}
SOCIAL_AUTH_SAML_TEAM_ATTR: {}
SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: {}

On the Okta side, the admin has set the following mapping attributes:

Any ideas?

Thank you

igor012

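As an added sanity check (not part of the question and not AWX's own code): a small validator that walks the SAML settings shown above, in the shape AWX stores them, and reports the misconfigurations that are easy to spot offline: an SP entity ID that is not an absolute https URL, an IdP entry missing a key the python-social-auth SAML backend reads, a non-https SSO URL, or an `x509cert` value that is not base64 DER. The `POSTED_CONFIG` dict is constructed from the question's placeholders; the messages it flags are hints, not a diagnosis of the 400.

```python
import base64
import binascii
from urllib.parse import urlparse

# Constructed from the question's config, keeping its placeholders
# ("AWXURL", "MIIIIIIIIIIIIII"). Hypothetical sample input, not real settings.
POSTED_CONFIG = {
    "SOCIAL_AUTH_SAML_SP_ENTITY_ID": "AWXURL",
    "SOCIAL_AUTH_SAML_ENABLED_IDPS": {
        "okta": {
            "attr_user_permanent_id": "name_id",
            "entity_id": "http://www.okta.com/ID",
            "url": "https://ORG.oktapreview.com/app/APP/ID/sso/saml",
            "x509cert": "MIIIIIIIIIIIIII",
        }
    },
}

# Keys the python-social-auth SAML backend reads for every IdP entry.
REQUIRED_IDP_KEYS = ("entity_id", "url", "x509cert")


def _is_https_url(value):
    parsed = urlparse(str(value))
    return parsed.scheme == "https" and bool(parsed.netloc)


def _der_cert_ok(x509cert):
    """Strip PEM armour and whitespace, then require base64 of an ASN.1 SEQUENCE (0x30)."""
    body = "".join(line for line in x509cert.splitlines() if not line.startswith("-----"))
    body = "".join(body.split())
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(der) > 0 and der[0] == 0x30


def check_saml_settings(cfg):
    """Return a list of findings; an empty list means nothing obvious is wrong."""
    findings = []
    if not _is_https_url(cfg.get("SOCIAL_AUTH_SAML_SP_ENTITY_ID", "")):
        findings.append("SP entity id is not an absolute https URL (AWX uses its base URL here)")
    for name, idp in cfg.get("SOCIAL_AUTH_SAML_ENABLED_IDPS", {}).items():
        for key in REQUIRED_IDP_KEYS:
            if not idp.get(key):
                findings.append(f"{name}: missing '{key}'")
        if idp.get("url") and not _is_https_url(idp["url"]):
            findings.append(f"{name}: 'url' must be the https SSO URL from Okta")
        if idp.get("x509cert") and not _der_cert_ok(idp["x509cert"]):
            findings.append(f"{name}: 'x509cert' is not a base64 DER certificate")
    return findings
```

Running `check_saml_settings(POSTED_CONFIG)` flags the placeholder SP entity ID and the placeholder certificate; a config with a real https entity ID and a real PEM-stripped certificate body returns an empty list.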