Has anyone implemented Akamai Luna Control Center SAML?

I see an Okta verified app for Okta Edge Control which is SWA only.
I don't see an Okta verified app for Akamai Luna though some Okta sso competitors (Bitium and OneLogin) do have the integration.

I can attempt to create a custom SAML app in Okta, but will need some guidance as there are obviously no setup instructions.

Can anyone offer some insight into this?

Thanks in advance,
Nick Ascencio (Okta, Inc.)
Hello Rocky,

The easiest course of action to take would be to create a custom SAML app as you have already mentioned in your post. I visited the Akamai Luna website and it appears that they do have an IdP-independent process for creating SAML connections to their service, so it would be a matter of determining what data field and certificate requirements they have set and then providing those values through our SAML App Wizard.

The general process for this can be found at the following link: https://support.okta.com/help/articles/Knowledge_Article/Using-the-App-Integration-Wizard

Once you have successfully done that and the custom app is functional, you can use that app in your org’s app library or submit the finished product to the OAN for publication to the global application list. 

Thank you,
Okta Support
Damian Gerow
I've actually just started looking into this, and it's apparently not possible right now: Luna only supports certificates with an expiration date within the next 2 years, but our existing certificate expires in ~30 years.

We contacted Akamai about this, and they said that Okta knew of this and was working on it, then proceeded to point out a bunch of other things that may prevent the DIY SAML approach from working.

Is it possible for Okta to provide a native integration for Luna, to make this process a little easier, and so folks aren't running into the same problem over and over again?
Jeff Hirsch

I actually figured it out.  You need to go through the API, but before you can utilize the API to generate and update the certificate, you need to contact Okta and have them turn on the "KEY_ROLLOVER" feature on your instance.  Once you do that, follow the steps for setting up the API Test Client here:



1. Generate an API Cert through your instance
2. Get the Apps API Collection.  
3. Use the List Apps call to get the information on your "Akamai" App that you already created.
4. Use the "Generate Certificate" Call to get a new cert with 2 years on it by changing the "validityYears" value to 2.
5. Use the "Update Application Certificate" call with the new cert and the information from the List Apps call. 
6. Revoke your API Cert

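Added example, not part of Jeff's post and not Okta's own code: steps 3 to 5 above written out as the HTTP requests they correspond to in Okta's Apps API (the requests are built and printed, not sent), plus a check that a generated key fits the 2-year limit mentioned earlier in the thread. The org URL, token, app values and key response are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timedelta

ORG = "https://example.okta.com"  # placeholder org URL (assumption)
TOKEN = "REPLACE_ME"              # placeholder API token; revoke it afterwards (step 6)

def _req(method, path, body=None):
    """Build, but do not send, an authenticated Okta API request."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"SSWS {TOKEN}", "Accept": "application/json",
               "Content-Type": "application/json"}
    return urllib.request.Request(ORG + path, data=data, headers=headers, method=method)

def list_apps(query):
    # Step 3: look up the app; keep its id, name, label and signOnMode.
    return _req("GET", "/api/v1/apps?q=" + urllib.parse.quote(query))

def generate_key(app_id, validity_years=2):
    # Step 4: a POST with validityYears as a query parameter.
    return _req("POST", f"/api/v1/apps/{app_id}/credentials/keys/generate"
                        f"?validityYears={validity_years}")

def update_app_key(app, kid):
    # Step 5: PUT the app back with the new key id selected for signing.
    body = {"name": app["name"], "label": app["label"], "signOnMode": app["signOnMode"],
            "credentials": {"signing": {"kid": kid}}}
    return _req("PUT", f"/api/v1/apps/{app['id']}", body)

def validity_ok(key, max_years=2):
    """True if the key's lifetime fits within max_years (Luna's limit per the thread)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ"
    life = datetime.strptime(key["expiresAt"], fmt) - datetime.strptime(key["created"], fmt)
    return timedelta(0) < life <= timedelta(days=366 * max_years)

# Constructed sample data, shaped like the List Apps and Generate Certificate responses.
SAMPLE_APP = {"id": "0oaEXAMPLE", "name": "custom_saml_app", "label": "Akamai",
              "signOnMode": "SAML_2_0"}
SAMPLE_KEY = {"kid": "kidEXAMPLE", "created": "2016-06-01T12:00:00.000Z",
              "expiresAt": "2018-06-01T12:00:00.000Z"}

if __name__ == "__main__":
    for r in (list_apps("Akamai"), generate_key(SAMPLE_APP["id"]),
              update_app_key(SAMPLE_APP, SAMPLE_KEY["kid"])):
        print(r.get_method(), r.full_url, r.data)
    print("validity within 2 years:", validity_ok(SAMPLE_KEY))
```
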
Jason Harris
Hey Jeff,

I am able to get to step 3, but on step 4 I get an error when trying to generate the certificate. I get the following response below. Also, support turned on the Key_Rollover feature for us.

  "errorCode": "E0000022",
  "errorSummary": "The endpoint does not support the provided HTTP method",
  "errorLink": "E0000022",
  "errorId": "oae3kQzIAPCRZ6HpZNCE4duug",
  "errorCauses": []

Can you explain in more detail how you performed steps 4, 5 & 6?
Jason Harris
Nm. I figured it out after much reading. I will post a how-to for others later.
CD Kading
Hey Jason, to complete the article can you post your how-to? I have a customer who is trying to do this same thing.
sriram balasubramanian
Hey Jason - did this document actually come out? Can you send me a pointer?