Following a recent upgrade of FNMS from 2020 R2 to 2022 R2, we have encountered issues with our Octa integration. It has come to our attention that Flexera has switched the SAML library from KentAuthService to Sustain.Saml2, resulting in the disruption of our integration.
We have taken the necessary steps to address this issue by providing all the relevant details in the SustainSys.Saml2 section and updating the Config WebUI.
However, upon accessing FNMS, we are being redirected to Octa and receiving a SAML response. Unfortunately, FNMS is reporting that the returned SAML response contains some mismatched data, but it is not explicitly stating the exact nature of the mismatch.
At this time, I am experiencing difficulties in identifying the exact cause of the mismatch.
The error showing up in the webui log
Request afbb9677-ac93-4df1-a823-d4a7bc8001c9 failed referrer validation (reason: host and referrer URLs have mismatched scheme/host/port details). Host: 'https://sam.blahblah.ae/' Referrer/Origin: 'https://blahblah.okta.com/'
If the request is proxied through a load balancer that is terminating SSL connections, make sure it is setting the X-Forwarded-Proto header to 'https' OR the Front-End-Https header is set to 'on'
‎Mar 08, 2023 08:50 AM - edited ‎Mar 08, 2023 08:50 AM
Within the Okta app you will want to update the 'Recipient URL' and 'Destination URL' so that it has the same value as the 'Single Sign On URL'
I believe this can be found within the Okta app here:
applications > applications > general > SAML Settings
‎Mar 15, 2023 05:49 PM
Within the Okta app you will want to update the 'Recipient URL' and 'Destination URL' so that it has the same value as the 'Single Sign On URL'
I believe this can be found within the Okta app here:
applications > applications > general > SAML Settings
‎Mar 15, 2023 05:49 PM