Self Hosted Sign Widget PIV


My organization uses the PIV/Smart Card feature in production now; it is hosted on Okta. We are trying to move to a self-hosted sign-on widget, and all the features work except the PIV.

When a PIV/CAC user clicks the PIV button, they get a CORS exception in the console. We have enabled CORS/Redirect from the sign-on URL in the Trusted Origins section.

This is our PIV configuration for the OktaSignIn. The host in this example is something like

piv: {
    certAuthUrl: `https://${host}/login/cert`,
    text: 'Authenticate with a CAC Card',
    className: style.piv,
    isCustomDomain: false
}

Thanks in advance!

it should be

certAuthUrl: '',

Thanks. This endpoint was able to authenticate a CAC user. Is there any way to redirect to a different audience?

Currently once a user authenticates they are redirected to the Okta home page. How would I redirect them back to an application like

Please refer to a regular widget configuration. If you can configure a widget w/o PIV to redirect to a different URL, then PIV will work the same way, I assume.

@phi1ipp – I have dug and dug about how to do a correct redirect with a PIV sign-in widget implementation, to no avail.

@danatgovini – were you able to figure this out?

Here is a link to the topic I just posted.

@anthony.sessa, yeah, I figured the same thing, unfortunately. Maybe it’s worth opening a ticket on, if it doesn’t exist yet.