If you enabled SLO for Okta the logout fails when initiated from Metabase.
To Reproduce
Set up Metabase v49
Create a keystore for signing SSO requests & export the cert in PEM format
Set up a test SAML application in Okta
Enable single logout in Okta (it requires digital signing)
Set up SAML in Metabase with the keystore you created and the Okta settings
Set up a test Okta user
Login via SSO as the test user in Okta
Note that logging in with the signed request works as expected
Try to logout
See "error 400" page
Expected behavior
SLO should work with Okta
Logs
No response
Information about your Metabase installation
v49
Severity
annoying
Additional context
I suspect that we're failing to sign the the SLO request and that we're supposed to be directing the logout request to Oktas SLO endpoint (it looks like we may be hitting their sso endpoint instead).Handy links
Describe the bug
If you enabled SLO for Okta the logout fails when initiated from Metabase.
To Reproduce
Expected behavior
SLO should work with Okta
Logs
No response
Information about your Metabase installation
Severity
annoying
Additional context
I suspect that we're failing to sign the the SLO request and that we're supposed to be directing the logout request to Oktas SLO endpoint (it looks like we may be hitting their sso endpoint instead).Handy links
Okta docs:
Quick run through in Loom: https://www.loom.com/share/9bf0882488ba480c8016a08b5e8002bd