Magnolia-SSO Single Sign On With Okta Too_Many_Redirects

Hello, I am trying to authenticate my Magnolia instance with Okta, and I am able to hit the Okta login page, but upon entering valid credentials I infinitely redirect. I think this is because my response_type=code, and Okta returns a code, which Magnolia rejects and sends us back to Okta, starting an infinite loop.

Using this Magnolia module limits my control over the request to Okta, but I don’t think there is much I can do about the request_type=code URI param. I will link the Magnolia-SSO doc as well as my YAML:
Magnolia Doc:
https://docs.magnolia-cms.com/product-docs/6.2/Modules/List-of-modules/SSO-module.html
Note: The doc directs me to create a claim, which I have done; I suspect the issue is the request_type URI param.

I have configured the following props in YAML:
authenticationService:
  path: /.magnolia/admincentral
  callbackUrl: http://localhost:8080/local/.auth
  authorizationGenerators:
    groupsAuthorizationGenerator:
      class: info.magnolia.sso.oidc.GroupsAuthorizationGenerator
      mappings:
        /Everyone:
          roles:
            - superuser
  pac4j:
    oidc.id: id
    oidc.secret: secret
    oidc.scope: openid profile email
    oidc.discoveryUri: https://dev-27703170.okta.com/.well-known/openid-configuration
    oidc.preferredJwsAlgorithm: RS256

Everything looks correct on both the Okta side and Magnolia side so I am a bit stuck. I am hoping throwing out this line might uncover something. Thank you for reading :slight_smile:

Do you know if Magnolia is configured to support Authorization Code flow at all? Maybe it's trying to use a different grant type (like Implicit flow) or is otherwise receiving information in the wrong format.

Have you reached out to Magnolia at all? If you check the network tab in the browser, do you see any requests to Okta failing?

Thanks for responding Andrea! When I posted I thought, based on how Magnolia responded to the code, that maybe it was meant to be the implicit flow. Now I believe it should use Authorization Code flow, and after getting in touch with Magnolia we think it may be linked to an existing bug.
We can close this thread, with the likely culprit being the Magnolia bug.
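
One way to read the redirect chain copied from the browser's network tab, added here as an example and not part of the original thread: it names the flow selected by `response_type` and flags the pattern described above, where a code reaches the callback and a new authorization request follows. The function names, the `idp.example` host and the query values are assumptions made for the example; only the `/local/.auth` callback path comes from the posted config.

```python
from urllib.parse import urlsplit, parse_qs

# OIDC Core response_type values and the flow each one selects.
FLOWS = {
    frozenset({"code"}): "authorization code",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
}

def flow_for(response_type):
    """Name the OIDC flow selected by a response_type value."""
    parts = frozenset(response_type.split())
    if parts in FLOWS:
        return FLOWS[parts]
    if "code" in parts and parts <= {"code", "id_token", "token"}:
        return "hybrid"
    return "unknown"

def diagnose(urls, callback_path):
    """Walk a redirect chain in order; return (findings, looping)."""
    findings, codes, auth_requests = [], 0, 0
    for url in urls:
        parts = urlsplit(url)
        query = parse_qs(parts.query)
        if "response_type" in query and "client_id" in query:
            auth_requests += 1
            if codes:
                findings.append("new authorization request after a code was delivered")
            else:
                flow = flow_for(query["response_type"][0])
                findings.append(f"authorization request: {flow} flow")
        elif parts.path == callback_path and "code" in query:
            codes += 1
            findings.append("callback received code")
        elif parts.path == callback_path and "error" in query:
            findings.append("callback received error: " + query["error"][0])
    # Repeated authorization requests together with repeated code deliveries
    # mean the client keeps discarding the code it is handed.
    return findings, codes >= 2 and auth_requests >= 2

# Constructed sample: idp.example and the query values are placeholders.
AUTH = "https://idp.example/authorize?client_id=id&response_type=code&scope=openid&state="
CALLBACK = "http://localhost:8080/local/.auth?code=c{0}&state=s{0}"
SAMPLE_CHAIN = [AUTH + "s1", CALLBACK.format(1), AUTH + "s2", CALLBACK.format(2)]

if __name__ == "__main__":
    for line in diagnose(SAMPLE_CHAIN, "/local/.auth")[0]:
        print(line)
```

A chain that ends on the protected page after a single code delivery reports no loop; a callback carrying `error=` instead of `code=` points at the identity provider's response, not the client's handling of it.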
