Hello,
I am working on a test environment to test the integration of Okta as an external IdP.
According to the docs this is supported; however, there is no Okta-specific documentation
that I can find.
I have Okta configured as follows:
[root@ipa-primary ~]# ipa idp-show okta
  Identity Provider server name: okta
  Authorization URI: https://ORGNAME.okta.com/oauth2/v1/authorize
  Device authorization URI: https://ORGNAME.okta.com/oauth2/v1/device/authorize
  Token URI: https://ORGNAME.okta.com/oauth2/v1/token
  User info URI: https://ORGNAME.okta.com/oauth2/v1/userinfo
  Client identifier: CLIENTID
  Scope: openid email
  External IdP user identifier attribute: email
I also have the secret configured, as the Okta side is configured to require the secret.
When I attempt to perform a login operation using a user configured for this external IdP,
I get the following errors (partially redacted for brevity and security):
Nov 09 14:58:43 ipa-primary.ipa.DOMAIN.COM oidc_child[5749]: libcurl: > POST /oauth2/v1/device/authorize HTTP/2
Host: ORGNAME.okta.com
user-agent: SSSD oidc_child/0.0
accept: application/json
content-length: 49
content-type: application/x-www-form-urlencoded
Nov 09 14:58:43 ipa-primary.ipa.DOMAIN.COM oidc_child[5749]: {"error":"invalid_client","error_description":"Client authentication failed. Either the client or the client credentials are invalid."}
Is there any Okta-specific documentation I can reference, or does anyone know where my
configuration issue may be?
Thanks,
Russ
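The failing request above is the RFC 8628 device-authorization POST, and Okta's "invalid_client" reply is about how the client authenticated on that request, not about the user. The script below is an added example (not code from the original post, nor from SSSD, FreeIPA or Okta) that reproduces the same POST outside SSSD, once per standard OAuth 2.0 client-authentication method (public client with no secret, client_secret_post, client_secret_basic), so you can see directly which one Okta accepts for the application. It reuses the device authorization URI from the ipa idp-show output with the ORGNAME placeholder; CLIENTID and the secret are placeholders to be replaced on the command line; it assumes nothing about which method Okta expects, it simply reports the reply for each. Each built request also carries a Content-Length, which can be compared with the 49 bytes in the SSSD log: a body holding only client_id and scope is shorter than one that also carries client_secret.

```python
"""Reproduce the RFC 8628 device-authorization request against Okta outside
SSSD, trying the standard OAuth 2.0 client-authentication methods one at a time.

Added example; not code from the original post, SSSD, FreeIPA or Okta.
Assumptions: the endpoint path from the ipa idp-show output (ORGNAME placeholder),
placeholder CLIENTID/secret values, and nothing about which method Okta expects.
"""
import base64
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

# Device authorization endpoint as shown in the ipa idp-show output (placeholder org)
DEVICE_AUTH_URI = "https://ORGNAME.okta.com/oauth2/v1/device/authorize"

AUTH_METHODS = ("none", "client_secret_post", "client_secret_basic")


def build_device_auth_request(client_id, scope, client_secret=None,
                              auth_method="none", uri=DEVICE_AUTH_URI):
    """Return (url, headers, body) for one device-authorization POST.

    none                - public client: only client_id and scope in the form body
    client_secret_post  - secret sent as a client_secret form field
    client_secret_basic - secret sent in an HTTP Basic Authorization header
    """
    if auth_method not in AUTH_METHODS:
        raise ValueError("unknown auth_method %r" % auth_method)
    if auth_method != "none" and not client_secret:
        raise ValueError("%s needs a client secret" % auth_method)

    form = {"client_id": client_id, "scope": scope}
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    if auth_method == "client_secret_post":
        form["client_secret"] = client_secret
    elif auth_method == "client_secret_basic":
        # RFC 6749 section 2.3.1: percent-encode id and secret, then Basic-encode "id:secret"
        cred = "%s:%s" % (urllib.parse.quote(client_id, safe=""),
                          urllib.parse.quote(client_secret, safe=""))
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()

    body = urllib.parse.urlencode(form).encode()
    headers["Content-Length"] = str(len(body))  # comparable with the length in the SSSD log
    return uri, headers, body


def classify_response(status, body_text):
    """Turn the server's JSON answer into a (kind, detail, description) tuple."""
    try:
        data = json.loads(body_text)
    except ValueError:
        return ("error", "non_json_response", body_text[:200])
    if status == 200 and "device_code" in data:
        # RFC 8628 section 3.2: the user visits verification_uri and enters user_code
        return ("ok", data.get("user_code"), data.get("verification_uri"))
    return ("error", data.get("error"), data.get("error_description"))


def try_device_auth(client_id, scope, client_secret=None, auth_method="none"):
    """Send one request and classify the reply (needs network access to Okta)."""
    uri, headers, body = build_device_auth_request(client_id, scope, client_secret, auth_method)
    req = urllib.request.Request(uri, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # a 4xx reply (such as invalid_client) still carries the JSON error body
        return classify_response(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # usage: python okta_device_auth.py CLIENTID [CLIENTSECRET]
    cid = sys.argv[1] if len(sys.argv) > 1 else "CLIENTID"
    secret = sys.argv[2] if len(sys.argv) > 2 else None
    for method in AUTH_METHODS:
        if method != "none" and secret is None:
            continue
        print(method, "->", try_device_auth(cid, "openid email", secret, method))
```

Run it with the real client ID and secret from the Okta application; the method that comes back as "ok" (with a user_code and verification_uri) is the client-authentication style the application is configured for, and the ones that come back as invalid_client are not. A method that succeeds here but fails from SSSD narrows the problem to how the secret is being passed on the FreeIPA/SSSD side; all three failing points back at the client ID or secret values themselves.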