Red Hat’s documentation only covers OIDC authentication against Red Hat SSO/Keycloak. I have been attempting to adapt the process to Okta, with only minor success. I am able to see in the Okta application logs and the mod_auth_openidc debug logs that authentication was successful. However, in the Satellite production.log I get the following error:
‘Failed to decode JWT’ error (JWT::DecodeError): Could not find public key for kid [cypher text]’
In Satellite I have the following settings,
Authorize login delegation: Yes
OIDC JWKs URL: https://[domain].okta.com/oauth2/v1/keys
OIDC Issuer: https://[domain].okta.com
OIDC Algorithm: RS256
OIDC Audience: [Client ID from Okta app configuration]
In the httpd configuration I have the following settings,
OIDCClientID [ClientID from Okta app configuration]
OIDCProviderMetadataURL https://[domain].okta.com/.well-known/openid-configuration
OIDCCryptoPassphrase [random phrase]
OIDCClientSecret [Client Secret from Okta app configuration]
OIDCRedirectURI https://[satellite url]/users/extlogin/redirect_uri
OIDCRemoteUserClaim sub
<Location /users/extlogin>
    AuthType openid-connect
    Require valid-user
    LogLevel debug
</Location>
Any help sorting out this issue will be greatly appreciated.
Jeremy
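
An added example (not part of the original post, and not Satellite or Okta code): a stdlib-only Ruby check that reads a token's header and claims without verifying the signature and reports whether its kid appears in a JWKS document, and whether alg, iss and aud match the values configured in Satellite. The token, JWKS documents, issuer and client ID are constructed samples, and the function names are hypothetical.

```ruby
require 'json'

# Decode one base64url JWT segment (JWTs strip the '=' padding).
def b64url_decode(seg)
  (seg + '=' * ((4 - seg.length % 4) % 4)).tr('-_', '+/').unpack1('m')
end

# Encode helper, used only to build the constructed sample token below.
def b64url_encode(str)
  [str].pack('m0').tr('+/', '-_').delete('=')
end

# Read header and claims WITHOUT verifying the signature. Diagnostic use only:
# never make an authentication decision from this output.
def jwt_parts(token)
  segs = token.split('.')
  raise ArgumentError, 'expected a compact JWT with 3 segments' unless segs.length == 3
  segs.first(2).map { |s| JSON.parse(b64url_decode(s)) }
end

# Compare a token with a JWKS document and the values configured in Satellite.
def diagnose(token, jwks_json, issuer:, audience:, algorithm:)
  header, claims = jwt_parts(token)
  kids = JSON.parse(jwks_json).fetch('keys', []).map { |k| k['kid'] }
  findings = []
  if header['kid'].nil?
    findings << :kid_missing_in_header
  elsif !kids.include?(header['kid'])
    findings << :kid_not_in_jwks
  end
  findings << :alg_mismatch unless header['alg'] == algorithm
  findings << :iss_mismatch unless claims['iss'] == issuer
  findings << :aud_mismatch unless Array(claims['aud']).include?(audience)
  { kid: header['kid'], jwks_kids: kids, findings: findings }
end

# Constructed sample data (not real Okta values); the signature is a dummy.
ISSUER   = 'https://example.okta.invalid'
AUDIENCE = 'constructed-client-id'
SAMPLE_TOKEN = [
  { alg: 'RS256', kid: 'constructed-kid-B' }.to_json,
  { iss: ISSUER, aud: AUDIENCE, sub: 'user@example.invalid' }.to_json,
  'dummy-signature'
].map { |part| b64url_encode(part) }.join('.')
JWKS_OTHER = { keys: [{ kty: 'RSA', kid: 'constructed-kid-A' }] }.to_json
JWKS_MATCH = { keys: [{ kty: 'RSA', kid: 'constructed-kid-B' }] }.to_json

puts diagnose(SAMPLE_TOKEN, JWKS_OTHER, issuer: ISSUER, audience: AUDIENCE, algorithm: 'RS256')
```

To use it on a real case, pass the ID token seen in the mod_auth_openidc debug log and the JSON body returned by the configured JWKs URL; treat both as sensitive and keep them off shared systems.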