Hello, I am working on a test environment to test the integration of Okta as an external IDP. According to the docs, this is supported, however there is no okta-specific documentation that I can find.
I have Okta configured as follows:

    [root@ipa-primary ~]# ipa idp-show okta
      Identity Provider server name: okta
      Authorization URI: https://ORGNAME.okta.com/oauth2/v1/authorize
      Device authorization URI: https://ORGNAME.okta.com/oauth2/v1/device/authorize
      Token URI: https://ORGNAME.okta.com/oauth2/v1/token
      User info URI: https://ORGNAME.okta.com/oauth2/v1/userinfo
      Client identifier: CLIENTID
      Scope: openid email
      External IdP user identifier attribute: email

I also have the Secret configured, as the Okta side is configured to require the secret.

When I attempt to perform a login operation using a user configured for this external IDP, I get the following errors (partially redacted for brevity and security):

    Nov 09 14:58:43 ipa-primary.ipa.DOMAIN.COM oidc_child[5749]: libcurl: > POST /oauth2/v1/device/authorize HTTP/2
    Host: ORGNAME.okta.com
    user-agent: SSSD oidc_child/0.0
    accept: application/json
    content-length: 49
    content-type: application/x-www-form-urlencoded
    Nov 09 14:58:43 ipa-primary.ipa.DOMAIN.COM oidc_child[5749]: {"error":"invalid_client","error_description":"Client authentication failed. Either the client or the client credentials are invalid."}

Is there any Okta-specific documentation I can reference, or does anyone know where my configuration issue may be?

Thanks,
Russ
_______________________________________________
FreeIPA-users mailing list -- [email protected]
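One way to check the client credentials against the device-authorization endpoint without going through ipa/sssd, as an added example that is not part of the post or of FreeIPA/SSSD code: it sends the same form-encoded POST that oidc_child logs above and classifies the JSON reply. ORGNAME, CLIENTID and the secret are the post's placeholders; whether the Okta app expects the secret in the form body (client_secret_post) or in an HTTP Basic header (client_secret_basic) is an assumption you confirm in the app's client-authentication setting, so the probe can try either.

```python
"""Device-authorization credential probe (added example, not FreeIPA/SSSD code).
Assumes the URI, client id and secret are the placeholders from the post."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

DEVICE_AUTH_URI = "https://ORGNAME.okta.com/oauth2/v1/device/authorize"  # from ipa idp-show


def build_request(client_id, client_secret, scope="openid email", method="post"):
    """Return (headers, body) for the device-authorization POST, mirroring the
    oidc_child request in the log: form-encoded body, JSON accepted in reply."""
    fields = {"client_id": client_id, "scope": scope}
    headers = {"Accept": "application/json",
               "Content-Type": "application/x-www-form-urlencoded"}
    if method == "post":            # client_secret_post: secret travels in the body
        fields["client_secret"] = client_secret
    elif method == "basic":         # client_secret_basic: secret travels in the header
        token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {token}"
    else:
        raise ValueError("method must be 'post' or 'basic'")
    return headers, urllib.parse.urlencode(fields).encode()


def interpret(status, body):
    """Classify the IdP's reply: 'ok' when a device_code came back, otherwise the
    OAuth error code (e.g. invalid_client, as in the post) or 'unknown'."""
    try:
        data = json.loads(body)
    except (json.JSONDecodeError, UnicodeDecodeError):
        return "unknown"
    if status == 200 and "device_code" in data:
        return "ok"
    return data.get("error", "unknown")


def probe(client_id, client_secret, method="post", uri=DEVICE_AUTH_URI):
    """Send the request and return interpret()'s verdict; 4xx replies carry the JSON error."""
    headers, body = build_request(client_id, client_secret, method=method)
    req = urllib.request.Request(uri, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as e:
        return interpret(e.code, e.read())


if __name__ == "__main__":
    import sys  # usage: probe.py CLIENTID SECRET [post|basic]
    print(probe(sys.argv[1], sys.argv[2], sys.argv[3] if len(sys.argv) > 3 else "post"))
```

An invalid_client verdict from both methods points at the credentials or the Okta app configuration rather than at the IPA/SSSD side, while an ok from only one method shows which client authentication method the app is set to accept.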
