lmd6j (lmd6j) asked a question.
I have 2 applications in my setup:
1) A client application (Running in the browser - Uses okta-react and okta-signin-widget to provide a custom login. Application in okta uses openid sign on.
2) Confluence Server (Hosted in another location - Uses Okta Confluence Authenticator with SAML enabled. Visiting the embed link takes me through login if I don't have a session yet.
This means I can log into the client app and navigate through to the Confluence server without a second login. Brilliant.
Now what I need to do is access Confluence REST API's without the user ever visiting Confluence or the embed link. Is this possible and how do I go about it?
Avenues I've explored include
1) Send access token as authorisation header but Confluence server doesn't support oauth 2.0
2) Requesting the embed link with ajax, pulling the SAMLResponse and RelayState out of the html and posting it to Confluence server to be consumed by the Okta Authenticator. This works until I re-enable web security in the browser as the embed link doesn't allow any other origins.
Hello Roland,
Looks like a case was opened for this and you are working with the support team on your needs. Let me know if you need further assistance.
Mike Davie
Okta Help Center.
Hi Mike,
Yes, the case has been opened. Just waiting on investigation from the case owner.
Cheers
Thank you for reaching out to our help portal Roland, as Mike has already stated, you currently have a case open with an engineer to work through this issue. I've reached out to this engineer to inform them of this post.
I hope you're able to come to a solution and get working as soon as possible.