Help to integrate Okta SAML with existing ASP.NET WebAPI app

I got this app from another developer. Ill try my best to describe it.

It uses WebAPI OWIN (there is no MVC). The resource server, authorization server and application is the single ASP.NET app. The grant type for OAuth I believe is “Resource Owner Password Credentials”.

I need to implement SSO using Okta and SAML on top of OAuth.

I would appreciate if someone gives me a jump start.

Hey @maxima,

I’m not 100% sure what you mean by SAML on top of OAuth. I’ve seen a few projects that have mixed the two, but the easiest option is to just use OAuth 2.0. Have you seen our examples:

https://github.com/okta/samples-aspnet
https://github.com/okta/samples-aspnetcore

If those don’t help, let us know more detail on what you are looking to do, and we can point you in the right direction!

you mean this (your links return 404) : https://developer.okta.com/quickstart/#/widget/dotnet/aspnet4 (there is a sample with OpenID for WebAPI which I don’t see how to utilize)

The app in question uses OAuth 2.0

What I need to achieve is that user can be authorized either way - user/pwd html page with OAuth and with Okta/SAML with minimum code change.

I am not clear where to insert Okta in the OAuth flow.

Currently I have a token based flow - html client sends login/password, gets token from OAuthAuthorizationServerProvider implementation, then all calls to the resource (rest service with methods marked [Authorize]) OAuth does the job and test the token etc.

Now I need to make Okta login available instead of our html login page for certain users. but still keep the old functionality for other.

My current question - I need to receive “SAML Assertion” in my OAuth service to use it as a bearer token

If use Okta as a SAML IDP, take a look at the middleware approach provided by


I had success with it

You can also use Okta as an OIDC IDP, consider IdentityServer 3 for pre-.NetCore, or IdentityServer4 for .NetCore


Both SAML2 and IdentityServer are solid options.

Thank you. Sustainsys solution and the sample app would need a week to unravel.

I just need to get a token. I don’t believe this has to be hard.

@bdemers - surely I am not the first to have an OAuth app and wanting to add Okta to it… Must be like 2 lines of code. Can you help me?

Hi @maxima! Did you end up achieving what you were asking in this topic? My understanding is that you were about to do exactly what I’m supposed to now, and I would appreciate if you could share some of your findings. Thanks!

I think I am looking for the same solution. We have an app using OAuth2 and IdentityServer, but we now have a requirement to accept logins via SAML, so I would like to use OKTA to get a SAML Assertion, then take that Assertion to IdentityServer to get an OAuth2 access token to use against our REST API.

Also looking for a .NET MVC SAML example, so I’m in the same boat.

I used the sample code from onelogin and it worked for Okta too: https://developers.onelogin.com/saml/c-and-aspnet

Thanks!!! Looking that up now…

Hi @bdemers

My Client is using the Otka for User Identity, So they want to implement the Facebook, Instagram and Apple-Id Login Integration in the application.

I found the Facebook login in the social authentication section, but want to know if Okta provide the support for Instagram and Apple-Id Login (Login with apple and login with instagram)

Hi @pallavocta

Regarding Apple, please check https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple.
For Instagram, I am not sure if they return ID tokens in order that can be used to authenticate te users in Okta.

1 Like

Hi @dragos
I looked at this article regarding login with apple but it does not map to octa directory, so in this case, octa will not preserve data about apple login.
What do you say?