Istio OIDC issues

mzeitlin · June 24, 2020, 7:10pm

I am trying to set up OIDC integration with Okta using Istio’s Access and Identity Adapter

I have set up an OIDCConfig Custom Resource similar to this with my okta info:

apiVersion: "security.cloud.ibm.com/v1"
kind: OidcConfig
metadata:
    name: my-oidc-provider-config
    namespace: test
spec:
    discoveryUrl: http://{my-okta-server}/oauth2/default/.well-known/openid-configuration
    clientId: $okta-id
    clientSecretRef:
        name: okta_secret
        key:  $okta_credential_key

I have configured a Okta Application of type Web with grant type Client Credentials and Authorization Code(there seems to be no way to just set it as client credentials).

However, I keep getting this error after redirect on success authentication in Okta:

UNAUTHENTICATED:handler-appidentityandaccessadapter.handler.istio-system:invalid_request: Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.

mzeitlin · June 25, 2020, 6:54pm

I figured out the issue, the adapter requires to set the authentication method in the OIDCConfig

authMethod: client_secret_post

regic · January 18, 2021, 4:12pm

I am using Istio as an ingress gateway and trying to setup okta authorization within a sidecar proxy for a Node.js app but keep running into a ‘Invalid X-Requested-With header’ error, i confirmed Okta is not receiving the token from my app, would you happen to have any documentation you could share that helped you get this up and running?

system · January 26, 2024, 6:08pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.