
SAML Sign In Fails with Okta as IdP

Publication date: Mar 24, 2026
Description
After configuring Okta SAML, users are unable to log in. Additionally, the following can be found in the logs:

Caused by: org.opensaml.ws.security.SecurityPolicyException: Validation of protocol message signature failed

and:

<time stamp> (,,,) catalina-exec-2 : DEBUG com.tableausoftware.domain.user.saml.SAMLExtendedProcessingFilter - SAML login failed due generic exception Incoming SAML message is invalid
<time stamp> (,,,) catalina-exec-2 : INFO  com.tableausoftware.domain.user.saml.SAMLExtendedProcessingFilter - SAML login failed, redirecting user to /#/error/signin/16?redirectPath=/wg/saml/logout/index.html

and:

<time stamp> (,,,) catalina-exec-2 : DEBUG org.springframework.security.saml.trust.MetadataCredentialResolver - Added 0 credentials resolved from metadata of entity http://www.okta.com/exk177go76l9YoHb11d8

Cause

The redirect URL in the current Tableau Server metadata was outdated. 
Resolution
Re-export the metadata from Okta. 

 
Additional resources
A quick test to see whether the redirect is the issue is to try an SP-initiated sign-in. If this results in a 404 from Okta, then the redirect URL is incorrect.


Knowledge article number

001473149

 
Salesforce Help | Article