Question

Scott Armstrong

Using OIDC Auth Service to connect to Okta

The team I work for is working on our initial setup of Rock and we are trying to use the OidcClient Auth Service to connect to our existing Okta account. We have been able to set all of the URLs and keys and get the option added to the login page, but the process doesn't appear to be working correctly.

When we click on the login button, the page properly redirects to the Okta login page. We can then get past the login process in Okta and are redirected back to our Rock instance. The problem is, once there, Rock doesn't appear to be processing the information it gets from Okta and we never end up logged in. The Rock URL we get sent to has query string params that look like this:

https://[our domain]/page/3?code=7r9yGdr.....K4&state=%242a......IPqxyDS5T8YZSK4w5am

We would assume that at this point Rock would grab this information from the URL and use it to log the person into the site, but it doesn't appear to be doing that.

Right now, we have the redirect URI set to https://[our domain]/page/3 (which is our login page). Does this redirect URI need to be set to some other value for the params to be processed correctly? We've tried several different pages, but they all seem to have the same outcome.


  • Miles Carmany

    We use the Google Auth service for our staff (we are Google Workspace) and the redirect URIs we use are https://[rock domain]/page/3 too. Rock does automatically append ?returnurl=%252f when viewing the login page. It happens so fast, I don't see what the intermediate URLs are before I get to https://[rock domain]/ which is our internal homepage.
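
For reference, this is what an OIDC relying party has to do with the `code` and `state` parameters on a callback like the one in the question. It is an added Python example, not Rock's code and not from either poster; the host name, client ID, parameter values and the function name `build_token_request` are constructed for illustration.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit


class CallbackError(Exception):
    """Raised when the callback must not be exchanged for tokens."""


def build_token_request(callback_url, expected_state, redirect_uri, client_id):
    """Validate an authorization-code callback; return the token request body.

    expected_state is the value the relying party stored in the user's session
    before redirecting to the identity provider (hypothetical storage).
    """
    parts = urlsplit(callback_url)
    params = parse_qs(parts.query)  # percent-decodes values: %24 becomes "$"

    if "error" in params:  # the provider reports failures on the same URL
        raise CallbackError("provider returned error: " + params["error"][0])

    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    if not code or not state:
        raise CallbackError("callback is missing code or state")

    # state ties the response to the login this browser started (CSRF defence);
    # compare the decoded value in constant time.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise CallbackError("state does not match the stored value")

    # The callback must arrive on the registered redirect URI, and the token
    # request must repeat that exact URI.
    landed_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if landed_on != redirect_uri:
        raise CallbackError("callback arrived on an unregistered URI")

    # Body for a POST to the provider's token endpoint; client authentication
    # (the client secret) is sent separately and is not shown here.
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
    })


# Constructed sample shaped like the URL in the question (not real values).
SAMPLE_CALLBACK = ("https://rock.example.org/page/3"
                   "?code=constructed-code&state=%242a%24constructed-state")
```
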