SAML Authentication not working for Kibana

The SAML integration with OKTA doesn’t seem to be working. I keep getting redirected to customerror?type=samlConfigError#?_g=() or to this /customerror?type=samlAuthError#?_g=().

I have enabled debug log in the elasticsearch machine but the request doesn’t seem to reach the es machine.

The kibana is running on a different server and the kibana_url added in the OKTA app is being proxy passed through a nginx machine.

Here is the opendistro_security/securityconfig/config.yml file:

 saml:
       enabled: true
       order: 1
       http_authenticator:
         type: saml
         challenge: true
         config:
           idp:
             metadata_file: metadata.xml
             entity_id: http://www.okta.com/3jnkj3nlwj3nlekn3lkn2
           sp:
             entity_id: kibana-saml
           roles_key: 'Roles'
           kibana_url: https://kibana-node-1:5601
           exchange_key: 'asd4nlksanflkanl3k2nlknlk'
       authentication_backend:
         type: noop

In the kibana.yml I have added these two blocks as well.

opendistro_security.auth.type: "saml"

server.xsrf.whitelist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout"]

Nothing in the logs is helpful, the request do go till the kibana machine but nothing after that.

Update: I enabled debug log on the elasticsearch machine and now I am getting these logs:

'org.apache.cxf.rs.security.jose.jws.JwsException: INVALID_COMPACT_JWS' extracting credentials from saml http authenticator
	at com.amazon.dlic.auth.http.saml.HTTPSamlAuthenticator.extractCredentials(HTTPSamlAuthenticator.java:135) ~[opendistro_security_advanced_modules-0.9.0.0.jar:0.9.0.0]

Any help would be really appreciated!

Thanks!