Okta SAML setup with AWX 9.0.1

Hi everyone,

Been trying to set up Okta SAML authentication in AWX 9.0.1 and it keeps redirecting me to /#/login with a RelayState error, and I’m getting a bit confused.

Here’s my redacted Identity Provider configuration, maybe I’m missing something:

```
{
  "okta": {
    "url": "https://sidlee.okta.com/app/sidlee_ansibleawx_1/{entity_id}/sso/saml",
    "attr_last_name": "lastName",
    "attr_email": "email",
    "attr_user_permanent_id": "email",
    "x509cert": "{okta-provided_cert}",
    "attr_username": "userName",
    "attr_first_name": "firstName",
    "entity_id": "http://www.okta.com/{entity_id}"
  }
}
```

In Okta, there’s nothing set in Relay State (it’s the default blank value).

My SSO URL, Recipient URL and Destination URL are all the same: https://ansible.domain.com/sso/complete/saml/ , with Audience Restriction as https://ansible.domain.com/sso/metadata/saml/

Not too sure where the issue might be at that point, and I can’t seem to be able to get additional information from the internet as not many people seem to be using Okta with AWX/Tower.

Thanks in advance!

Quick update: RelayState error is now gone, now I simply get redirected to “/#/login” with no error message, nothing, which is kinda worse :confused:

Bit of info I got from looking at the Dev Tools:

PROBLEM SOLVED!

Issue was twofold:

  1. Was using the new Edge Chromium, which for some reason was NOT showing the error on the login page after it had failed. Switching to any other browser worked for testing, which showed a port issue.
  2. Port issue was caused by the Nginx reverse proxy, which needed some extra configuration to pass the forwarded port/IP properly.

Now everything is working properly!
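
An added example, not part of the original posts and not AWX or python-social-auth code: a simplified model of how a service provider behind a reverse proxy rebuilds its own URL and compares it with the SAML Destination, which is where a missing forwarded port shows up. The header names, the backend port 8052 and the rebuilding logic are assumptions; the Destination URL is the one quoted in the post.

```python
from urllib.parse import urlsplit

# From the post: the SSO / Recipient / Destination URL configured in Okta.
OKTA_DESTINATION = "https://ansible.domain.com/sso/complete/saml/"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: the proxy forwards scheme and host but not the port.
WITHOUT_PORT = {"Host": "ansible.domain.com", "X-Forwarded-Proto": "https"}
# Constructed sample: the proxy also forwards the client-facing port, e.g.
# with nginx `proxy_set_header X-Forwarded-Port $server_port;` (assumed fix).
WITH_PORT = dict(WITHOUT_PORT, **{"X-Forwarded-Port": "443"})


def self_url(headers, backend_port, path):
    """Rebuild the public URL from the headers the backend receives.

    Falls back to the backend's own listening port when no forwarded
    port is present, which is the failure mode modelled here.
    """
    scheme = headers.get("X-Forwarded-Proto", "http")
    host = (headers.get("X-Forwarded-Host") or headers.get("Host", "")).split(":")[0]
    port = int(headers.get("X-Forwarded-Port", backend_port))
    netloc = host if port == DEFAULT_PORTS.get(scheme) else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"


def destination_matches(destination, computed):
    """Compare scheme, host, effective port and path of the two URLs."""
    a, b = urlsplit(destination), urlsplit(computed)
    port_a = a.port or DEFAULT_PORTS.get(a.scheme)
    port_b = b.port or DEFAULT_PORTS.get(b.scheme)
    return (a.scheme, a.hostname, port_a, a.path) == (b.scheme, b.hostname, port_b, b.path)


def check(headers, backend_port=8052):
    """Return (computed URL, whether it matches the Okta Destination).

    backend_port=8052 is a hypothetical internal port, not taken from the post.
    """
    computed = self_url(headers, backend_port, "/sso/complete/saml/")
    return computed, destination_matches(OKTA_DESTINATION, computed)


if __name__ == "__main__":
    for name, hdrs in (("without forwarded port", WITHOUT_PORT),
                       ("with forwarded port", WITH_PORT)):
        url, ok = check(hdrs)
        print(f"{name}: {url} -> {'match' if ok else 'MISMATCH'}")
```
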