I’ve followed the directions here
but it’s not completely working.
I’ve enabled custom domain and when I go to the log in page I do see my changes, the company name there. The url is still dev-xxxx.okta/etc
I’ve replaced my domain below with the word “example”.
I can successfully log in to my app that’s hosted on AWS under demo.example.com
My understanding is if I want the app to go to login.example.com when it’s redirected to the login page I need to update the okta.oauth2.issuer entry from
If I do this, the login page will display fine, and the url will be https://login.example.com
with nothing after the “.com”.
After I enter a valid user / password I get an error
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for “https://login.EXAMPLE.com/oauth2/default/v1/token”: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I updated the Authorization Server, I only have 1 entry to
Issuer : Custom URL (https://login.example.com/oauth2/default)
Metadate URI : https://login.example.com/oauth2/default/.well-known/oauth-authorization-server
Not sure what else I need to change.