What URL to provide SaaS app if using Custom Auth Server

What URL should I supply a SaaS application that we have on a custom auth server? I gave them the issuer URL, but they get a 404 on it.

https://company.oktapreview.com/oauth2/aus7vjjbwnCM9zRoJ1d7

If I give them the org URL it works, but it uses the org token server. I need it to use the custom auth server tokens.

Hello,

The following URL would show the endpoints for your custom authorization server:

https://company.oktapreview.com/oauth2/aus7vjjbwnCM9zRoJ1d7/.well-known/openid-configuration

https://company.oktapreview.com/oauth2/aus7vjjbwnCM9zRoJ1d7 would be the issuer URL.
What specifically does the documentation ask for?

Thank You,


Thanks for the reply, Erik.

The SaaS app I am trying to integrate has just one field to configure for the Okta tenant, and they have no other dev personnel to configure anything custom; it's very generic. So this works no problem: https://company.oktapreview.com, and it obviously uses the org auth server. Can you give me an example of what would need to be configured on the SaaS side to get them to point to the custom auth server?

You might need to check with the SaaS vendor.

My assumption is with the Org Authorization Server (AS) where all you provide is the issuer,
https://company.oktapreview.com
Then, when the integration constructs OAuth endpoints such as /authorize, it is appending /oauth2/v1/ to the issuer you provide.
https://company.oktapreview.com/oauth2/v1/authorize

The problem with this is with a custom AS, when you provide the issuer
https://company.oktapreview.com/oauth2/aus7vjjbwnCM9zRoJ1d7
The integration will still append /oauth2/v1/, which would give:
https://company.oktapreview.com/oauth2/aus7vjjbwnCM9zRoJ1d7/oauth2/v1/authorize
This is incorrect; it would need to be:
https://company.oktapreview.com/oauth2/aus7vjjbwnCM9zRoJ1d7/v1/authorize

When you configure the integration with your custom AS and then try to authorize, you should be able to confirm this by viewing the dev console of the browser and seeing where the authorize request is being sent to, or by checking the address bar.

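The check suggested in the last reply can be scripted. The following is an added example, not part of the original thread and not Okta or vendor code: it reproduces the path-appending behaviour the reply assumes and classifies an authorize URL copied from the address bar or dev console. The function names are hypothetical; the host and authorization server ID are the ones quoted in the thread.

```python
from urllib.parse import urlsplit

# Issuer values quoted in the thread.
ORG_ISSUER = "https://company.oktapreview.com"
CUSTOM_ISSUER = "https://company.oktapreview.com/oauth2/aus7vjjbwnCM9zRoJ1d7"


def naive_authorize_url(issuer: str) -> str:
    """What an integration builds if it always appends /oauth2/v1/ (the thread's assumption)."""
    return issuer.rstrip("/") + "/oauth2/v1/authorize"


def expected_authorize_url(issuer: str) -> str:
    """Endpoint per the thread: org issuer gets /oauth2/v1/, custom AS issuer gets /v1/."""
    path = urlsplit(issuer).path.strip("/")
    suffix = "/v1/authorize" if path.startswith("oauth2/") else "/oauth2/v1/authorize"
    return issuer.rstrip("/") + suffix


def classify_authorize_url(observed: str) -> str:
    """Classify an authorize URL; the query string is ignored, only the path matters."""
    parts = urlsplit(observed).path.strip("/").split("/")
    if parts == ["oauth2", "v1", "authorize"]:
        return "org"
    if len(parts) == 4 and parts[0] == "oauth2" and parts[2:] == ["v1", "authorize"]:
        return "custom:" + parts[1]
    if parts.count("oauth2") > 1:
        return "malformed: /oauth2/v1/ appended to a custom AS issuer"
    return "unknown"


if __name__ == "__main__":
    for issuer in (ORG_ISSUER, CUSTOM_ISSUER):
        built = naive_authorize_url(issuer)
        print(f"{issuer}\n  naive:    {built} -> {classify_authorize_url(built)}")
        print(f"  expected: {expected_authorize_url(issuer)}")
```

A result of "org" when the custom issuer was configured means the tokens are coming from the org authorization server, which is the situation the original poster wants to avoid.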