New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v5] Integration between OKTA and RP doesn't work #1474
Comments
@VolhaKarenko could you please check |
Hi @Kanaduchi, try with providing value of "Audience Restriction" from Okta to "Identity provider name ID" field |
Hi @VolhaKarenko. This doesn't help me. After saving this value is changed automatically back to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
@Kanaduchi I've noticed "Destination mismatch" errors in logs you provided, seems like you're using incorrect URLs in SAML settings. Please provide your URL before the "/uat/saml/sp/SSO/alias/report-portal-sp" part |
@VolhaKarenko |
@Kanaduchi try with providing valid port after the domain like: https://qa-reportportal.domain.com:8080/uat/saml/sp/SSO/alias/report-portal-sp |
@VolhaKarenko When I try to open link with 8080 port I get an error: This site can’t be reached Configuration of docker container for UI:
netstat command shows that 8080 port is used by docker-proxy: |
@Kanaduchi Try to provide env variable for UAT(authorization) container: Where host of the deployed RP |
I tried 2 variants: I still see error: Also I noticed another error: |
@Kanaduchi I see, we should make an improvement regarding this env variable. |
@Yumfriez Here is my config: Unfortunately it is impossible to connect to uat remotely - it works in VPN |
Hi I have exactly the same issue. Reportportal installed in GKE Cluster with Contour HTTPProxy. Everything working fine except SSO with Okta. Same error message. |
Any news on this? |
@Kanaduchi @PSchnurbus24 We’ve made a PR with possibility to provide a redirect base path from the UI. So there will be 2 ways ordered as follows:
This fixes are planned for 5.6 release |
Issue was resolved in 5.6. Thank you! |
For some reason, even though I have
I am currently on RP 5.6.0 |
I still see the same issue on 5.6.2. I tried to put a wrong value to the callbackUrl:
|
Same on the latest version. |
@skorobogatydmitry do you have the same error if you fill |
No, I am able to login if I specify just |
Describe the bug
Integration between OKTA and RP doesn't work. I'm trying to configure integration between Okta and RP. Unfortunately it doesn't work.
When I try to login I get 403 access denied error
Okta side:
RP side:
Log:
Meta file:
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor entityID="http://www.okta.com/exk8sdfsdfsdfsfPWUf2p7" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>cXtw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://domain.okta.com/app/domain_qareportportal_1/exk8sdfsdfsdfsfPWUf2p7/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://domain.okta.com/app/domain_qareportportal_1/exk8sdfsdfsdfsfPWUf2p7/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
What did I wrong?
The text was updated successfully, but these errors were encountered: