• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 97 subscribers
  • Views 5612 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Oauth2.0 integration with Identity provide OKTA

rohith.udupa
over 7 years ago

Hi,

We are using Okta IdP provider for Oauth2.0 authentication with Identity Manager. We have enabled oauth and have configured all parameters for Oauth2.0 under QER>Person>Oauth Authenticator such as ClientID, shared secret(ClientSecret), issuer, Login and logout endpoints including Token end point. Scope is set to OpenId Profile.
Search Column and Search table are pointing to the right tables where the User data is present.
Authentication module is selected to Oauth2.0 role based in web designer.
When We access the web URL, It is redirecting to the authorization server of Okta, after authentication, we are getting error specified as "Invalid_request. Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body" in the log in page.
From okta logs, The error shown was "Multiple Credentials".

If the error caused is due to multiple credentials, how to supply credentials in header or post body only?

Thanks

  • 0 over 6 years ago

    Hi, you need version 8.0.2, or a version that holds the config param TokenEndpointAuthentication

    this needs to be set to client_secret_post, this will stop the issue tou are seeing.

    however once you are past your current issue, you will then have another issue with the signing format of the jwt tokens, Okta does not provide x5c.

    will update this as approriate

  • 0 over 6 years ago

    Hi Rohith,

    Can you please provide some insights on how you have configured this set up at one identity manager end.
    Currently in our environment, users are authenticated against Active directory.

    We want to integrate  one identity manager with  Okta for authentication.
    Can you let us know how we can disconnect this from Ad and can be integrated with Okta.

    Thanks

    Jai

  • 0 over 6 years ago in reply to Jai

    You will need to wait for version a new version, Okta does not provide x5c cert in json web token endpoint. So it will not work