Product: PowerShell Universal
Version: 2.9.2
Hey PSU folks,
I have forms authentication set up and working fine, but my Security team wants me to upgrade to using Okta. Unfortunately I don’t have any expertise in things like Okta, OIDC, SAML, etc., but we do have an Okta expert on staff that I’m working with. Looking at OpenID Connect - PowerShell Universal it seems pretty simple. Our Okta admin creates the app, we add stuff to our appsettings.json, and restart PowerShell Universal service. But we can’t seem to get it working.
Is there more to it? Do I also have to set up OpenID as an authentication method and disable forms authentication?
In the Okta config:
- If the PSU Url is https://ud-dev.domain.com/*, then what should we enter for the Sign-in redirect URI?
- The documentation does not state this, but our Okta admin is asking do we need to configure anything for the Initiate login URI?
Is the CallbackPath correct in my appsettings.json file? Anything off here?
```json
"Kestrel": {
  "Endpoints": {
    "HTTP": {
      "Url": "http://*:80"
    },
    "HTTPS": {
      "Url": "https://*:443",
      "Certificate": {
        "Subject": "*.<domain>.com",
        "Store": "My",
        "Location": "LocalMachine"
      }
    }
  },
  "RedirectToHttps": "true"
},
"ApplicationInsights": {
  "InstrumentationKey": "<key>"
},
"OIDC": {
  "Enabled": "true",
  "CallbackPath": "/authorization-code/callback",
  "ClientID": "<ID>",
  "ClientSecret": "<Secret>",
  "Resource": "",
  "Authority": "https://<domain>.okta.com",
  "ResponseType": "code",
  "SaveTokens": "true",
  "CorrelationCookieSameSite": "",
  "UseTokenLifetime": true,
  "Scope": "openid profile groups",
  "GetUserInfo": true
}
```
Thanks in advance, as I’m not really sure where to go with it from here.
Rob
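
An added example, not part of the original post and not PowerShell Universal's own code: it derives the Sign-in redirect URI and the OIDC discovery URL from the settings above and flags mismatches that commonly break the callback. It assumes PSU uses the standard ASP.NET Core OpenID Connect handler (which builds `redirect_uri` from the request scheme, host and `CallbackPath`) and is served from the site root; `Get-OidcRedirectCheck` is a hypothetical helper name.

```powershell
# Added example (not PSU code). The JSON below is a constructed sample with placeholders.
function Get-OidcRedirectCheck {
    param(
        [Parameter(Mandatory)] [string] $BaseUrl,         # public URL users browse to
        [Parameter(Mandatory)] [string] $AppSettingsJson  # contents of appsettings.json
    )
    $cfg      = $AppSettingsJson | ConvertFrom-Json
    $oidc     = $cfg.OIDC
    $findings = @()

    # A trailing "/" or "/*" is not part of the redirect URI.
    $base = [uri]($BaseUrl -replace '/\*?$', '')
    $root = $base.GetLeftPart([System.UriPartial]::Authority)

    if ([string]$oidc.Enabled -ne 'true')      { $findings += 'OIDC.Enabled is not true' }
    if ($oidc.CallbackPath -notmatch '^/')     { $findings += 'CallbackPath must start with "/"' }
    if ($base.Scheme -ne 'https')              { $findings += 'Base URL is not https' }
    if ($oidc.Authority -notmatch '^https://') { $findings += 'Authority is not https' }
    if (($oidc.Scope -split '\s+') -notcontains 'openid') { $findings += 'Scope lacks "openid"' }

    # The handler uses the scheme of the incoming request, so a plain-HTTP listener
    # without a redirect produces an http:// redirect_uri that the IdP will not match.
    if ($cfg.Kestrel.Endpoints.HTTP -and [string]$cfg.Kestrel.RedirectToHttps -ne 'true') {
        $findings += 'HTTP endpoint is open and RedirectToHttps is not true'
    }

    [pscustomobject]@{
        SignInRedirectUri = $root + $oidc.CallbackPath
        DiscoveryUrl      = ([string]$oidc.Authority).TrimEnd('/') + '/.well-known/openid-configuration'
        Findings          = $findings
    }
}

# Constructed sample mirroring the post's settings (secrets and IDs omitted).
$sample = @'
{
  "Kestrel": {
    "Endpoints": { "HTTP": { "Url": "http://*:80" }, "HTTPS": { "Url": "https://*:443" } },
    "RedirectToHttps": "true"
  },
  "OIDC": {
    "Enabled": "true", "CallbackPath": "/authorization-code/callback",
    "Authority": "https://<domain>.okta.com", "ResponseType": "code",
    "Scope": "openid profile groups"
  }
}
'@
Get-OidcRedirectCheck -BaseUrl 'https://ud-dev.domain.com/*' -AppSettingsJson $sample | Format-List
```

With the sample input, `SignInRedirectUri` comes out as `https://ud-dev.domain.com/authorization-code/callback` and `Findings` is empty.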