Okta Classic Engine | Multi-Factor Authentication | Answered | 2026-05-01T09:01:18.000Z | 2024-03-11T16:13:23.000Z | 2024-03-15T04:31:50.000Z

dse7i (dse7i) asked a question.

Does Okta support External IDPs that use ECDSA (ES384)?

We're creating a custom external IDP for Okta. We had it use ES384 (from JWK: "alg":"ES384","kty":"EC","crv":"P-384"), but we're getting an error message when Okta tries to use it: "com.saasure.platform.services.idp.exception.IdpAuthenticationException: Unsupported signing algorithm in id_token"

 

The JWT is valid according to jwt.io.

 

Is there a list of signing algorithms for external IDPs that Okta does support? Is ES384 one of them?


  • Mihai N. (Okta, Inc.)

    Hi @dse7i (dse7i), thank you for reaching out to the Okta Community!

     

    As far as I can see there is support for ECDSA signing algorithms when it comes to the OIDC apps implementation as per the following documentation: https://developer.okta.com/docs/reference/api/idps/#oidc-algorithms-object

    …but for the IDP side of things, I’m only seeing support for HS256, HS384, HS512, RS256, RS384, or RS512, according to the following: https://developer.okta.com/docs/reference/api/idps/#oidc-algorithms-object

     

    You can suggest a Feature Enhancement on the Okta Community page by going to the Community → Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented.

    More details here.

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    Selected as Best
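
A pre-flight check an IdP developer could run before pointing Okta at a custom IdP, as an added example that is not part of the original thread or Okta's code: it reads the id_token's JOSE header and the JWKS and reports when the algorithm falls outside the set listed in the reply above. `preflight`, `sample_token`, the key IDs and `https://idp.example` are hypothetical; the listed set is copied from the reply, and the tokens and JWKS are constructed samples.

```python
import base64
import json

# Algorithms the reply above lists for the IdP side (taken from that reply,
# not independently confirmed against Okta's service).
IDP_LISTED_ALGS = {"HS256", "HS384", "HS512", "RS256", "RS384", "RS512"}
# JWA (RFC 7518) algorithm family -> JWK "kty" that family requires.
FAMILY_KTY = {"HS": "oct", "RS": "RSA", "PS": "RSA", "ES": "EC"}

def _segment(seg):
    """Decode one base64url JWS segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def preflight(id_token, jwks):
    """List reasons the token/JWKS pair falls outside the listed algorithms.
    Hypothetical helper; it does not verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        return ["id_token is not a three-part compact JWS"]
    header = _segment(parts[0])
    alg, kid = header.get("alg"), header.get("kid")
    problems = []
    if alg not in IDP_LISTED_ALGS:
        problems.append(f"header alg {alg!r} is not in the listed set")
    keys = [k for k in jwks.get("keys", []) if kid is None or k.get("kid") == kid]
    if not keys:
        problems.append(f"no JWKS key matches kid {kid!r}")
    want = FAMILY_KTY.get(str(alg)[:2])
    for key in keys:
        if key.get("alg") not in (None, alg):
            problems.append(f"JWK alg {key['alg']!r} differs from header {alg!r}")
        if want and key.get("kty") != want:
            problems.append(f"JWK kty {key.get('kty')!r} does not fit {alg!r}")
    return problems

def sample_token(alg, kid):
    """Constructed sample: real header, dummy payload, placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "kid": kid}), enc({"iss": "https://idp.example"}), "c2ln"])

# Constructed JWKS; the EC entry mirrors the JWK fields quoted in the question.
SAMPLE_JWKS = {"keys": [
    {"kid": "ec-1", "alg": "ES384", "kty": "EC", "crv": "P-384"},
    {"kid": "rsa-1", "alg": "RS384", "kty": "RSA"},
]}

if __name__ == "__main__":
    for alg, kid in [("ES384", "ec-1"), ("RS384", "rsa-1")]:
        print(alg, preflight(sample_token(alg, kid), SAMPLE_JWKS) or "ok")
```

A token that passes a generic JWT validator can still fail this check, because the relying party's accepted algorithm set is narrower than the set the token format allows.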
This question is closed.