Error 405 when trying to login OKTA SSO

Hi Support team,

I encounter this error, "405 - HTTP verb to access this page is not allowed", after successfully logging in to OKTA SSO.

This is the saml.config for the OKTA setting:

I added a log stamp to check, and the returnURL returns null.

I tried to figure out the solution for this but couldn't find any answers. Do you have any idea how to solve this error? Attached is the log file.


Thanks for the log and other information.

The log shows a number of calls to SAMLServiceProvider.InitiateSSO but no calls to SAMLServiceProvider.ReceiveSSO. In other words, SAML authn requests are being sent to Okta but no SAML responses are being received. I assume the 405 error is occurring when the HTTP Post from Okta is being received.

According to your local SAML configuration, the assertion consumer service URL is https://…/hrmsnet_spbt_sso/SAML/AssertionConsumerService.aspx. However, the URL in the browser’s address bar is https://…/hrmsnet_spbt_sso. Please check that the Okta configuration has the correct URL.

If there’s still an issue, I suggest using the browser developer tools (F12) to capture the network traffic. You should see an HTTP Post containing the SAMLResponse. Assuming you do, confirm that the URL is correct.


Thank you for the clarifications. After checking the OKTA configuration, they tried setting the URL to https://spbt-uat.orisoftsaas.com/hrmsnet_spbt_sso/SAML/AssertionConsumerService.aspx
The error 405 is no longer showing, but the page now keeps looping infinitely after a successful login. Is the OKTA setup correct?



As far as I can tell your configuration in Okta is correct. It sounds like your SAML/AssertionConsumerService.aspx page is receiving the SAML response but then the logic is looping somehow.

I suggest either adding some trace to this page or debugging it and setting a breakpoint to follow the logic.

The ExampleServiceProvider’s SAML/AssertionConsumerService.aspx page demonstrates calling SAMLServiceProvider.ReceiveSSO to receive and process the SAML response as well as logic to automatically login the user locally and redirect to the appropriate page.


Hi Support,

Thanks for the reply. We have checked the program, and it turned out the infinite loop was caused by a problem on our side. The ReceiveSSO response is working fine now. However, we are facing a randomly occurring issue during SLO, with the error shown below:

Sometimes SLO works fine and redirects to the IdP page to log in again; sometimes it throws the error message above, which is quite unusual.

We would appreciate it if you could advise on the above matter.

Attached is the log file for your reference. The error is found at the last line of the log file.

We use a SAML_SessionId cookie to support the SAML protocol. This cookie is marked as secure. The HTTP Post of the SAML logout response from Okta doesn’t include this cookie and therefore we have no knowledge of the previously sent logout request.

Please ensure you’re using HTTPS throughout your application.
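
The two checks suggested in the replies above (that the HTTP Post carrying the SAMLResponse goes to the configured URL, and that the SAML_SessionId cookie accompanies the logout response), as an added example that is not part of the original thread or ComponentSpace's code. It reads a browser HAR export; the hosts, the SLOService.aspx path and the sample capture are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

def check_saml_posts(har, expected_urls, session_cookie="SAML_SessionId"):
    """Return one finding per HTTP POST in the HAR that carries a SAMLResponse."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        if req["method"] != "POST":
            continue
        form = parse_qs(req.get("postData", {}).get("text", ""))
        if "SAMLResponse" not in form:
            continue
        # HTTP-POST binding: the form value is base64-encoded XML (not deflated).
        root = ET.fromstring(base64.b64decode(form["SAMLResponse"][0]))
        dest = root.get("Destination")
        sent = {c["name"] for c in req.get("cookies", [])}
        findings.append({
            "message": root.tag.split("}")[-1],   # Response or LogoutResponse
            "posted_to": req["url"],
            "destination": dest,
            # The IdP must post to a URL the SP actually serves SAML on.
            "url_ok": req["url"] in expected_urls and dest == req["url"],
            # Without this cookie the SP cannot match a response to its request.
            "cookie_sent": session_cookie in sent,
        })
    return findings

def _entry(kind, url, cookies):
    """Build one constructed HAR entry holding a minimal SAML message."""
    xml = ('<samlp:%s xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'Destination="%s"/>' % (kind, url))
    body = urlencode({"SAMLResponse": base64.b64encode(xml.encode()).decode()})
    return {"request": {"method": "POST", "url": url, "postData": {"text": body},
                        "cookies": [{"name": n, "value": "x"} for n in cookies]}}

# Constructed sample capture: placeholder host and paths, not values from the thread.
ACS = "https://sp.example.test/app/SAML/AssertionConsumerService.aspx"
SLO = "https://sp.example.test/app/SAML/SLOService.aspx"
SAMPLE_HAR = {"log": {"entries": [
    _entry("Response", "https://sp.example.test/app", ["SAML_SessionId"]),  # wrong URL
    _entry("LogoutResponse", SLO, []),                                      # no cookie
]}}

if __name__ == "__main__":
    for finding in check_saml_posts(SAMPLE_HAR, {ACS, SLO}):
        print(finding)
```

For a real capture, load the export with `json.load` and pass it in place of `SAMPLE_HAR`; `cookie_sent` is only meaningful if the browser's HAR export includes cookie data.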