SSO attempt looping

Single sign-on (SSO) attempt locking happens if the following items in the Okta configuration aren't set to the PingFederate assertion consumer service (ACS) endpoint:

  • Recipient
  • Destination
  • Postback URL

PingFederate error in server.log

The following error implies that the entityID used for the Okta connection is incorrect.

Top level error (ref#ftpcge): Unable to lookup idp connection metadata for
entityid='http://www.okta.com/<string>

Check your metadata or check with the Okta account owner to verify the entityID.