Hi Team,
I am trying to register OKTA with my .NET web application to implement SSO and referred the process from "Okta Authentication Quickstart Guides | Okta Developer " : MVC 4x. (Also the sample provided here is not working under this link)
Completed all the steps from above url and able to load my applications first page i.e., login page, and provided a button/link to call challenge method, and trying to call the method with [Authorize] attribute. But it is not opening the OKTA login page
I am new to OKTA, have placed the wrong the key in web.config . Now able to authenticate properly with OKTA user account but blocked again with below related issue, kindly suggest if i have configured it wrong.
Problem is that in startup.cs AuthorizationCodeReceived is never hit and hence unable to get the claims/userInfo to my application. below is the code from startup.cs
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
});
var clientId = ConfigurationManager.AppSettings["okta:ClientId"].ToString();
var clientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"].ToString();
var issuer = ConfigurationManager.AppSettings["okta:Issuer"].ToString();
var redirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"].ToString();
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
ClientSecret = clientSecret,
Authority = issuer,
RedirectUri = redirectUri,
ResponseType = "code",
UseTokenLifetime = false,
Scope = "openid profile",
PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"].ToString(),
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name"
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
**AuthorizationCodeReceived** = async context =>
{
// Exchange code for access and ID tokens
var tokenClient = new TokenClient(issuer + "/v1/token", clientId, clientSecret);
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(
context.ProtocolMessage.Code, redirectUri);
if (tokenResponse.IsError)
{
throw new Exception(tokenResponse.Error);
}
var userInfoClient = new UserInfoClient(issuer + "/v1/userinfo");
var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
var identity = new ClaimsIdentity();
identity.AddClaims(userInfoResponse.Claims);
identity.AddClaim(new Claim("id_token", tokenResponse.IdentityToken));
identity.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
if (!string.IsNullOrEmpty(tokenResponse.RefreshToken))
{
identity.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
}
var nameClaim = new Claim(
ClaimTypes.Name,
userInfoResponse.Claims.FirstOrDefault(c => c.Type == "name")?.Value);
identity.AddClaim(nameClaim);
System.Threading.Thread.CurrentPrincipal = new ClaimsPrincipal(identity);
context.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(identity.Claims, context.AuthenticationTicket.Identity.AuthenticationType),
context.AuthenticationTicket.Properties);
},
RedirectToIdentityProvider = context =>
{
if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
{
var idToken = context.OwinContext.Authentication.User.Claims
.FirstOrDefault(c => c.Type == "id_token")?.Value;
context.ProtocolMessage.IdTokenHint = idToken;
}
return Task.FromResult(true);
},
}
});
Hey @Nadeem, sorry for the delay. Did you make any progress on this?
AuthorizationCodeReceived should get hit, unless the redirect URI is wrong or Okta isn’t redirecting back to your app for some reason. Can you use your browser’s network panel or a tool like Fiddler to watch the network requests? What happens after you log in at Okta and your browser is redirected?
Thanks for the reply, the issue is fixed now, able to authenticate properly but now to progress further on my POC with okta, i need to check one scenario which is :
if we have a client who can provide its IdP to connect with OKTA and sends a SAML response to OKTA, can you guide me on how to consume this SAML response through OKTA in my application, is it possible to get the SAML response with below code which we used in Openid connect directly ?
var userInfoClient = new UserInfoClient(issuer + “/v1/userinfo”);
var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
Or do we need to implement this scenario differently from OKTA openid connect code, if yes, any OKTA examples / samples related to SAML authentication would be of great help.
We don’t have any documentation yet on handling an incoming SAML SSO connection from Okta, sorry. We’re planning on building docs and samples, but right now we are focusing on finishing our management SDKs.
I’d recommend looking at the Sustainsys Saml2 library (formerly KentorIT). They have some examples of creating a SAML Service Provider in .NET.
Hello Folks,
Hope you all are doing well.
I am running Asp.Net webform application for OKTA login but facing the issue after the click on Login button.Once Click on Login button below error is coming, if (tokenResponse.IsError) { throw new Exception(tokenResponse.Error); }
Please find screen shots for same.
Please help me out or any suggestion if you have.
.
