When setting up SAML for a ConnectALL installation that is front-ended by a proxy or gateway like Azure App Gateway, the following error is seen in the logs:

ERROR yyyy-MM-DD HH:mm:ss,SSS http-nio-8080-exec-6 org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder - SAML message intended destination endpoint 'https://connectall.example.com/ConnectAll/saml/SSO' did not match the recipient endpoint 'http://localhost:8080/ConnectAll/saml/SSO'

This is caused due to a mismatch between the IdP's redirect URL and ConnectALL's configured URL.

Modify your SamlConfiguration.properties file

Add this line:

ca.base.url=https://connectall.example.com/ConnectAll

Restart the UI service

keywords: SSO okta