Configure OpenID Connect login with Okta
This configuration example was tested using Ubisecure SSO 9.4 and an Okta Developer account in November 2024.
We have tested Okta authentication with 2 alternative configurations:
token_endpoint_auth_method: client_secret_basic / client_secret_post
In the Okta UI, set Client Authentication to Client Secret.
Copy the client ID and client secret from Okta to the Ubisecure authentication method metadata:
{
  "redirect_uris": [
    "https://login.your-address.com/uas/return/okta.oidc.1/redirect"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "response_types": [
    "code"
  ],
  "jwks_uri": "https://login.your-address.com/uas/oauth2/names/ac/okta.oidc.1/metadata.jwks",
  "client_id": "0oalay2og5yedZLuY5d7",
  "client_secret": "***",
  "token_endpoint_auth_method": "client_secret_basic",
  "scope": "openid email profile"
}
token_endpoint_auth_method: private_key_jwt
In the Okta UI, set Client Authentication to Public key / Private key.
Choose “Save keys in Okta”
Copy the key from your Ubisecure SSO (https://login.your-address.com/uas/oauth2/metadata.jwks) to Okta. Copy only the key, not the list of keys:
{"keys":[{"x5c":["MIIDPT.....VGmHWNU="],"kid":"5g2Oe2XTjSclW_Q39BJ2lYmU_lE","kty":"RSA","n":"0xavPW6y.....0LL3tGw","e":"AQAB"}]}
Set the Ubisecure authentication method metadata as follows:
{
  "redirect_uris": [
    "https://login.your-address.com/uas/return/okta.oidc.1/redirect"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "response_types": [
    "code"
  ],
  "jwks_uri": "https://login.your-address.com/uas/oauth2/names/ac/okta.oidc.1/metadata.jwks",
  "client_id": "0oalay2og5yedZLuY5d7",
  "token_endpoint_auth_method": "private_key_jwt",
  "scope": "openid email profile"
}
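For the private_key_jwt step above that says to copy only the key and not the list of keys, the following added example (not part of the original page and not Ubisecure or Okta tooling) pulls a single JWK object out of a JWKS document and refuses to return it if it carries private key members. The function name, the sample kid and the placeholder key values are constructed for illustration.

```python
import json

# Members that carry private or secret key material in a JWK (RFC 7518).
# A key pasted into Okta must contain none of them.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def extract_public_jwk(jwks_text, kid=None):
    """Return the one JWK object to paste into Okta from a JWKS document."""
    doc = json.loads(jwks_text)
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        raise ValueError("not a JWKS: expected a non-empty 'keys' array")
    # With several keys published, the caller must say which one by kid.
    matches = [k for k in keys if kid is None or k.get("kid") == kid]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one key, found {len(matches)}")
    jwk = matches[0]
    leaked = PRIVATE_MEMBERS.intersection(jwk)
    if leaked:
        raise ValueError(f"key contains private members: {sorted(leaked)}")
    if jwk.get("kty") == "RSA" and not all(jwk.get(m) for m in ("n", "e")):
        raise ValueError("RSA key is missing 'n' or 'e'")
    return jwk


# Constructed sample with placeholder values, shaped like the
# metadata.jwks output shown above (not a real key).
SAMPLE_JWKS = json.dumps({"keys": [
    {"x5c": ["PLACEHOLDER-CERT"], "kid": "sample-kid-1", "kty": "RSA",
     "n": "PLACEHOLDER-MODULUS", "e": "AQAB"},
]})

if __name__ == "__main__":
    # Prints the bare key object, without the surrounding {"keys": [...]}.
    print(json.dumps(extract_public_jwk(SAMPLE_JWKS), indent=2))
```

To use it on a live deployment, save the metadata.jwks response to a file and pass its contents as `jwks_text`.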