New Message Search Latest Redo
Web Connection
Web Connection and OKTA?
Gravatar is a globally recognized avatar based on your email address. Web Connection and OKTA?
  Justin O
  All
6T50CTVBC
  Jan 17, 2024 @ 05:59am
Reply

Hello,

I was wondering if there is an easy way to implemented OKTA to allow a Web Connection site (using wwUserSecurity class for user logins) to facilitate Single Sign on (SSO) to a third party?

I would greatly appreciate any tips or examples.

Thank you!

Gravatar is a globally recognized avatar based on your email address. re: Web Connection and OKTA?
  Rick Strahl
  Justin O
6T60Q6ADV
  Jan 18, 2024 @ 12:12pm
Reply

Not that I know of - I've never even heard of OKTA. Cursorary glance suggests it's an OpenID implementation that can be integrated via authentication flow.

You can hook anything into the User Security system, but you have have to handle retrieval of the OpenID token specifically for the framework you're integrating with so you can store it as part of the credentials that are saved in the user security tables.

It's doable but not trivial. FWIW, if you're using a third party solution for authentication they usually have the tools and APIs to manage all the auth needs externally so you may not actually need to use wwUserSecurity - you'd just validate the token instead.

+++ Rick ---

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Web Connection and OKTA?
  Kevin v Emmrich
  Justin O
6UF0PPX0I
  Mar 3, 2024 @ 12:00pm
Reply

Justin,

Just wondering if you came up with a solution to your Okta SSO login challenge. I am facing the same situation. Can't decide if I should build a C# solution or look at the chilkat library solution.

-- Kevin

Gravatar is a globally recognized avatar based on your email address. re: Web Connection and OKTA?
  Rick Strahl
  Kevin v Emmrich
6UF0UA2OR
  Mar 3, 2024 @ 02:07pm
Reply

The only technical requirement for this to work is that you need a JWT JSON token parser, and you can use one of those via .NET and one of the JWT libraries that are available and use wwDptnetBridge to access it. The rest is implementing the authentication flow via the necessary endpoints to handle the callback requests from the oAuth flow. It's a bit of a pain (regardless which platform you use) with a bit of trial and error for testing but otherwise fairly straight forward.

oAuth flow is similar to identical between different providers so once done you can likely reuse much of that code for other SSO solutions using oAuth/OpenId Connect.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Web Connection and OKTA?
  Kevin v Emmrich
  Justin O
6UR1FFSKV
  Mar 15, 2024 @ 12:28am
Reply

I found this tutorial to be helpful in getting started. It is almost 5 years old and uses MVC Core 2.2 (and doesn't use PKCE), but nonetheless it got me started. I just run this app and then write the json user info to a vfp app folder to read when webConnection is accessed. Once I get it running in production, I'll see if I can post the full solution (exposing my lack of knowledge in C#/mvc core!!).

https://developer.okta.com/blog/2019/07/12/secure-your-aspnet-core-app-with-oauth

© 1996-2024