I have a windows application (Excel addin actually) that needs to access a web application protected by OKTA SSO. Since it is a windows app all requests are sent through code and there is no browser involved (I am using HttpWebRequest). Broadly these are the steps I need to perform
Step1: Authenticate username/password from within the Windows Application
(Using “Primary Authentication” I send a request to {{url}}/api/v1/authn with username and password and receive sessionToken in return)
Step2: Receive a session cookie as a result of authentication
(I expect to send the sessionToken and receive a session cookie in response)
Step3: Make a request to target servlet url with session cookie - I expect to receive results directly from the target servlet.
(Make a GET request to my target servlet URL with cookie received in above step. Since cookie is proof of authentication I should be let in - but I get redirected to OKTA login page)
I am having problem with Step2 - not sure exactly what has to be done here: I have tried couple of things but none of them seem to work.
Try1:
Used “Create Session with Session Token” i.e. sent a request to {{url}}/api/v1/sessions?additionalFields=cookieToken with appropriate values. I received cookies in response but these cookie did not work in step 3
Try2:
Tried the “Retreiving a session cookie by visiting a session redirect link” i.e. sending request to https://{yourOktaDomain}.com/login/sessionCookieRedirect?token={sessionToken}&redirectUrl={redirectUrl} with appropriate values - response I get is either “403 Forbidden” or “404 Not Found”
Can anyone help me out in getting a session cookie from sessionToken. I have been going through the documentation for a few days now but can’t figure it out. I am fairly new to OKTA and SSO.
Thanks in Advance.