Self Hosted Sign Widget PIV

Hello,

My organization uses the PIV/Smart Card feature in production now; it is hosted on Okta. We are trying to move to a self-hosted sign-on widget, and all the features work except the PIV.

When a PIV/CAC user clicks the PIV button, they get a CORS exception in the console. We have enabled CORS/Redirect from the sign-on URL in the Trusted Origins section.

This is our PIV configuration for the OktaSignIn. The host in this example is something like myorg.oktapreview.com.

piv: {
    certAuthUrl: `https://${host}/login/cert`,
    text: 'Authenticate with a CAC Card',
    className: style.piv,
    isCustomDomain: false
},

Thanks in advance!

It should be

certAuthUrl: 'https://your_tenant_name.mtls.okta.com/api/internal/v1/authn/cert',

Thanks. This endpoint was able to authenticate a CAC user. Is there any way to redirect to a different audience?

Currently once a user authenticates they are redirected to the Okta home page. How would I redirect them back to an application like https://mysubdomain.myorg.com/oauth2/idpresonse?

Please refer to a regular widget configuration. If you can configure a widget w/o PIV to redirect to a different URL, then PIV will work the same way, I assume.