Configure OpenID Connect login with Okta

This configuration example was tested with Ubisecure SSO 9.4 and an Okta Developer account in November 2024.

We have tested Okta authentication with 2 alternative configurations:

  1. token_endpoint_auth_method: client_secret_basic / client_secret_post

    1. Set Client Authentication: Client Secret in Okta UI.

    2. Copy the client ID and client secret from Okta to the Ubisecure authentication method metadata:

      {
        "redirect_uris": [ "https://login.your-address.com/uas/return/okta.oidc.1/redirect" ],
        "grant_types": [ "authorization_code" ],
        "response_types": [ "code" ],
        "jwks_uri": "https://login.your-address.com/uas/oauth2/names/ac/okta.oidc.1/metadata.jwks",
        "client_id": "0oalay2og5yedZLuY5d7",
        "client_secret": "***",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "openid email profile"
      }

  2. token_endpoint_auth_method: private_key_jwt

    1. Set Client Authentication: Public key / Private key in Okta UI.

    2. Choose “Save keys in Okta”

    3. Copy the key from your Ubisecure SSO (https://login.your-address.com/uas/oauth2/metadata.jwks) to Okta. The metadata is a list of keys, as shown below; copy only the key object inside the "keys" array, not the list of keys:

      {"keys":[{"x5c":["MIIDPT.....VGmHWNU="],"kid":"5g2Oe2XTjSclW_Q39BJ2lYmU_lE","kty":"RSA","n":"0xavPW6y.....0LL3tGw","e":"AQAB"}]}

    4. Set the Ubisecure authentication method metadata as follows:

      {
        "redirect_uris": [ "https://login.your-address.com/uas/return/okta.oidc.1/redirect" ],
        "grant_types": [ "authorization_code" ],
        "response_types": [ "code" ],
        "jwks_uri": "https://login.your-address.com/uas/oauth2/names/ac/okta.oidc.1/metadata.jwks",
        "client_id": "0oalay2og5yedZLuY5d7",
        "token_endpoint_auth_method": "private_key_jwt",
        "scope": "openid email profile"
      }
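
Step 3 of the private_key_jwt configuration asks for a single key object rather than the whole key list. The following Python is an added example, not Ubisecure or Okta code: it pulls one public JWK out of a JWKS document, refuses to emit private RSA members, and computes the RFC 7638 thumbprint so the key can be compared on both sides. The function names and the sample JWKS are assumptions constructed for illustration.

```python
import base64
import hashlib
import json

# Private RSA members (RFC 7518, section 6.3.2); none may reach the IdP.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}


def extract_public_jwk(jwks_text, kid=None):
    """Return the single public JWK to paste into Okta from a JWKS document."""
    keys = json.loads(jwks_text).get("keys")
    if not isinstance(keys, list) or not keys:
        raise ValueError("not a JWKS document: missing or empty 'keys' array")
    if kid is not None:
        keys = [k for k in keys if k.get("kid") == kid]
    if len(keys) != 1:
        raise ValueError(f"expected exactly one matching key, found {len(keys)}")
    jwk = keys[0]
    leaked = PRIVATE_MEMBERS & jwk.keys()
    if leaked:
        raise ValueError(f"JWK contains private members: {sorted(leaked)}")
    if jwk.get("kty") != "RSA" or not jwk.get("n") or not jwk.get("e"):
        raise ValueError("expected an RSA public key with 'n' and 'e'")
    return jwk


def rsa_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint, for comparing the key on both sides."""
    canonical = json.dumps({"e": jwk["e"], "kty": jwk["kty"], "n": jwk["n"]},
                           separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


# Constructed sample with placeholder values, not a real key.
SAMPLE_JWKS = json.dumps({"keys": [{
    "kid": "example-kid", "kty": "RSA", "n": "placeholder-modulus", "e": "AQAB",
    "x5c": ["PLACEHOLDER"]}]})

if __name__ == "__main__":
    key = extract_public_jwk(SAMPLE_JWKS)
    print(json.dumps(key, indent=2))  # paste this single object into Okta
    print("thumbprint:", rsa_thumbprint(key))
```

When the JWKS holds more than one key, pass the `kid` of the signing key explicitly; the function fails rather than guessing.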

 
