This guide will help you configure Okta and FlexDeploy to work together with OpenID for SSO.
Replace capitalized text in the sample sso.config file with appropriate values. You will need to define an application in your Okta console and update values in the configuration file as shown below.
OKTACLIENTID - get this value from Okta application configuration.
OKTACLIENTSECRET - get this value from Okta application configuration.
OKTADOMAIN - get this value from your Okta domain details.
FLEXDEPLOYHOST - FlexDeploy application host
FLEXDEPLOYPORT - FlexDeploy application port
Example fdsso.config file for Okta (OpenID Connect)
| Info |
|---|
Change log
|
| Code Block |
|---|
oidcConfig = org.pac4j.oidc.config.OidcConfiguration oidcConfig.clientId = OKTACLIENTID oidcConfig.secret = OKTACLIENTSECRET oidcConfig.discoveryURI = https://OKTADOMAIN.okta.com/.well-known/openid-configuration oidcConfig.scope = openid,groups,profile,email oktaClient = org.pac4j.oidc.client.OidcClient oktaClient.configuration = $oidcConfig clients.callbackUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/callback clients.clients = $oktaClient isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher excludedPathMatcher.excludedPath = /next/#/login config.authorizers = admin:$isAuthenticatedAdmin config.matchers = excludedPath:$excludedPathMatcher ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter ssoFilter.config = $config ssoFilter.clients = OidcClient ssoFilter.matchers = nocache ssoFilter.authorizers = admin logout = io.buji.pac4j.filter.LogoutFilter logout.config = $config logout.localLogout = true logout.centralLogout = true logout.defaultUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/home |
Here is what configuration looks like in Okta.
