<!-- Render the login widget here -->
<div id="okta-login-container"></div>
<form id="okta-submit-form" method="POST" action="Login">
@Html.Hidden("sessionToken")
@Html.Hidden("oktaUserId")
@Html.AntiForgeryToken()
</form>
<!-- Script to init the widget -->
<script>
  const signIn = new OktaSignIn({
    baseUrl: '@ViewBag.OktaOrgUrl'
  });
  signIn.renderEl({ el: '#okta-login-container' }, (res) => {
    $("#sessionToken").val(res.session.token);
    $("#oktaUserId").val(res.user.id);
    $("#okta-submit-form").submit();
  }, (err) => {
    console.error(err);
  });
</script>
Startup code
public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
    app.UseOktaMvc(new OktaMvcOptions()
    {
        OktaDomain = ConfigurationManager.AppSettings["OktaOrgUrl"],
        ClientId = ConfigurationManager.AppSettings["OktaClientId"],
        ClientSecret = ConfigurationManager.AppSettings["OktaClientSecret"],
        RedirectUri = "/authorization-code/callback",
        PostLogoutRedirectUri = "/Account/LogOff",
        GetClaimsFromUserInfoEndpoint = true,
        Scope = new List<string> { "openid", "profile", "email" },
    });
}
Login Post Method
[HttpPost]
[ValidateAntiForgeryToken, AllowAnonymous]
public ActionResult Login(FormCollection form)
{
    if (!HttpContext.User.Identity.IsAuthenticated)
    {
        var properties = new AuthenticationProperties();
        properties.Dictionary.Add("sessionToken", form.Get("sessionToken"));
        properties.RedirectUri = "/Home/Index";
        HttpContext.GetOwinContext().Authentication.Challenge(properties, OktaDefaults.MvcAuthenticationType);
        // I tried removing this and still the same result
        return new HttpUnauthorizedResult();
    }
    return RedirectToAction("Index", "Home");
}
Once the code hits this part in the login post method:
IOException: IDX20804: Unable to retrieve document ...
IOException: IDX20803: Unable to obtain configuration from ...
That happens when the Okta domain URL is not configured correctly. Can you show me the value of ConfigurationManager.AppSettings["OktaOrgUrl"]? (You can redact the company name, or send it to me via private message if you want.)
If not, that is the problem. As a follow-up question, are you using a custom Authorization Server for this application? Can you describe briefly what the application is and who will use it? (internal employees, or external customers)
{"errorCode":"E0000015","errorSummary":"You do not have permission to access the feature you are requesting","errorLink":"E0000015","errorId":"oaebrKuQegGTZK2snkcJEmNBg","errorCauses":[]}
I’m guessing that’s a bad response? So is there something in the configuration that needs to be changed?
As for your other question, we’re just using the built-in Okta widget to log our users in to our internal application. We’re not really needing anything beyond just the login portion for now. I was hoping it can handle the following:
Login users via the okta widget
Validate that the session token returned from the Okta widget login is legitimate (my understanding is this is done via the challenge step).
Auto logon users with active okta sessions.
Create Identity User session when login is validated.
That makes sense, thanks for the background detail. Quick sanity check, when you say it’s an internal application, I assume that means that users = employees?
For an internal application, you’ll need to make one change. This default:
Is meant for external applications. You’ll need to specify an AuthorizationServerId in your options block:
I know that looks a little silly, but the reason behind it is: external applications use Custom Authorization Servers (with an authorization server ID), but internal applications use Okta as an authorization server (with no authorization server ID).
Let me know if that gets you up and running. Sorry that this isn’t called out better in the readme! We are working on better documentation for these libraries right now.
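As an added, assembled example (not code from this thread or from the Okta library), here are the Startup options and the Login action from the question with the AuthorizationServerId change applied for an internal application. The controller name, the 400 response for a missing token and the placeholder custom-server ID are assumptions:

```csharp
using System.Collections.Generic;
using System.Configuration;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Okta.AspNet;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseOktaMvc(new OktaMvcOptions
        {
            OktaDomain = ConfigurationManager.AppSettings["OktaOrgUrl"],
            ClientId = ConfigurationManager.AppSettings["OktaClientId"],
            ClientSecret = ConfigurationManager.AppSettings["OktaClientSecret"],
            RedirectUri = "/authorization-code/callback",
            PostLogoutRedirectUri = "/Account/LogOff",
            GetClaimsFromUserInfoEndpoint = true,
            Scope = new List<string> { "openid", "profile", "email" },
            // Internal app: the Okta org itself is the authorization server, so the
            // ID is empty. An external app on a Custom Authorization Server would
            // put that server's ID here instead (placeholder: "<your-auth-server-id>").
            AuthorizationServerId = string.Empty,
        });
    }
}

public class AccountController : Controller // assumed controller name
{
    [HttpPost]
    [ValidateAntiForgeryToken, AllowAnonymous]
    public ActionResult Login(FormCollection form)
    {
        if (HttpContext.User.Identity.IsAuthenticated)
            return RedirectToAction("Index", "Home");
        // Only the widget's session token is forwarded. Okta proves it is valid
        // during the Challenge, and the signed-in identity comes from the resulting
        // token claims, never from the client-posted oktaUserId hidden field.
        var sessionToken = form.Get("sessionToken");
        if (string.IsNullOrWhiteSpace(sessionToken))
            return new HttpStatusCodeResult(400, "Missing session token");
        var properties = new AuthenticationProperties { RedirectUri = "/Home/Index" };
        properties.Dictionary.Add("sessionToken", sessionToken);
        HttpContext.GetOwinContext().Authentication.Challenge(properties, OktaDefaults.MvcAuthenticationType);
        return new HttpUnauthorizedResult(); // 401 lets the OWIN middleware issue the redirect
    }
}
```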
I tried with the value of RedirectUri in the startup code with RedirectUri = "http://localhost:64116/authorization-code/callback"
and RedirectUri = "/authorization-code/callback"
@nate.barbettini Never mind, it appears I just had existing session cookies which were messing up the redirect. I’m getting an authorized identity user now by adding that AuthorizationServerId part. I will update this thread if I get the rest to work or if I have any more issues. Thanks for the help!
Hello,
I am facing the same issue. The application works when I am not connected to the company VPN. It throws the error when I turn on the company VPN. I added AuthorizationServerId = string.Empty but it doesn’t make any difference. Can you please help?