Okta Classic Engine · Authentication · Answered
Dates on the page: 2022-10-27T15:19:18Z, 2022-11-02T07:20:57Z, 2025-12-27T09:02:23Z

d9gyy (d9gyy) asked a question.

How to put in place authentication with external SAML IdP to an external app through Okta SP

Hello,

I am fairly new to Okta and I am struggling a bit with the concepts. The Okta documentation is furnished, but sometimes inaccurate; the doc is not aligned with the screens…

I want to put in place something rather simple:

  • Azure AD is used as an IdP, reaching…
  • Okta is used as an SP, reaching…
  • my external app, running locally.

I successfully configured the relationship between Azure AD and Okta SP by configuring an IdP on Okta. I manage to log in from Azure AD to Okta.

Now I need to land directly on my application (localhost:3000, let’s say).

It is a Node.js application; I use the oidc-middleware as documented.

Of course, I need to get the user info in my app.

  1. I tried to add my app's final URL in the RelayState in Azure. I get a redirection but without any information.
  2. I tried to add an OIDC app from the “Applications” menu in Okta, and I configured the embedded link in Azure AD. I manage to log in to Okta, then when it tries to access my app, I have an error stating there are too many redirections.

Strangely enough, I haven’t found (yet) a page where everything is described from A to Z.

Do you have recommendations on how to manage this, where to look, etc.?

On top of that, the external IdP will send some SAML claims we are not allowed to store in Okta SP, in the JIT account. But the upstream app needs to access that information.

Is there a way to use Okta SP as a pass-through?

Thanks!


  • Mihai N. (Okta, Inc.)

    Hi @d9gyy (d9gyy), thank you for reaching out to the Okta Community!

    The core concept seems achievable, but where I see the problem is the part with "send some SAML claims we are not allowed to store in Okta SP".

    The way I'm seeing it, we have the following implementation:

    User needs to get to appA with AzureAD creds.

    but

    AzureAD is the IdP for Okta and Okta is the IdP for appA, hence Okta needs to have the required claims, as AzureAD is only used to get the user into Okta.

    Not being able to store certain info in Okta means that you might have to think of a way to implement authentication directly between AzureAD and the app, completely bypassing the use of Okta.

    Seeing as you're dealing with Node.js and OIDC, my advice would be to reach out to devforum.okta.com to take advantage of their expertise.

    While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

    Hope my answer helps!

    Selected as Best
This question is closed.