When configuring the OpenShift console with OIDC authentication, the user is successfully authenticated by Okta and redirected to the OpenShift console. After successful authentication the user is added automatically under User Management > Users (in the OpenShift console).
The trouble now is: the user’s name is mapped to app.clientId.
I want the user’s name (in OpenShift) to be the email address the user used to log in to Okta.
Thanks for the reply. I’m quite new to Okta configuration; could you please suggest how to fill in the Audience property for the new Authz server? The guide states: "The Audience property should be set to the URI for the OAuth 2.0 resource server that consumes the access token."
Regards
From the OpenShift docs:
Claims are read from the JWT id_token returned from the OpenID identity provider and, if specified, from the JSON returned by the UserInfo URL.
At least one claim must be configured to use as the user’s identity. The standard identity claim is sub.
You can also indicate which claims to use as the user’s preferred user name, display name, and email address. If multiple claims are specified, the first one with a non-empty value is used.
My understanding is that all I need is in place. Do you agree?
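For reference, this is what the claim mapping quoted above looks like in an OpenShift 4 OAuth custom resource. It is an added example, not configuration from the original post: the identity provider name, the Okta issuer URL, the client ID and the secret name are placeholders, and the claims block is the part that decides which token claim becomes the OpenShift user name.

```yaml
# Added example: OpenShift 4 OAuth CR with an Okta OpenID identity provider.
# Placeholders: replace <okta-domain>, <client-id-from-okta> and the secret name.
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: okta                      # placeholder IdP name; it prefixes identity objects
    mappingMethod: claim            # create/bind OpenShift users from the claims below
    type: OpenID
    openID:
      clientID: <client-id-from-okta>
      clientSecret:
        name: okta-client-secret    # Secret in openshift-config holding key "clientSecret"
      issuer: https://<okta-domain>/oauth2/default
      extraScopes:
      - email
      - profile
      claims:
        preferredUsername:          # first non-empty claim becomes the OpenShift user name
        - email
        name:
        - name
        email:
        - email
```

The identity claim stays at the default sub, so the OpenShift Identity object is keyed by the stable subject, while the visible user name is taken from the email claim; for that to work the id_token Okta issues must actually carry email, which is why the email and profile scopes are requested. Note that an OpenShift User and Identity created during an earlier login keep the name they were created with, so changing the claims block alone does not rename an existing user.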
@marco I think I might know what the issue is. If you log in to your OpenShift cluster and run oc get users and oc get identities, you will see the mapping for the OIDC app you created in Okta. OpenShift will not respect the claim as long as that user exists. Do an oc delete on that auto-generated user/identity, then try logging in again via Okta. There is a good chance it will now use the claim you set up in Okta. If that doesn’t work, I’d change the claim’s type from Access to ID Token (Always).