I am trying to set up OIDC integration with Okta using Istio’s Access and Identity Adapter
I have set up an OIDCConfig Custom Resource similar to this with my okta info:
apiVersion: "security.cloud.ibm.com/v1"
kind: OidcConfig
metadata:
name: my-oidc-provider-config
namespace: test
spec:
discoveryUrl: http://{my-okta-server}/oauth2/default/.well-known/openid-configuration
clientId: $okta-id
clientSecretRef:
name: okta_secret
key: $okta_credential_key
I have configured a Okta Application of type Web with grant type Client Credentials and Authorization Code(there seems to be no way to just set it as client credentials).
However, I keep getting this error after redirect on success authentication in Okta:
UNAUTHENTICATED:handler-appidentityandaccessadapter.handler.istio-system:invalid_request: Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.