401 when calling registerSSOProvider

Hi,
I'm starting an integration with Okta SSO with SAML v2 and I'm getting a 401 UNAUTHORIZED when calling registerSSOProvider.
Are there any example implementations with SAML v2 or Okta in particular?
My config looks like this:
// Registers an SSO provider with id "okta" using a SAML configuration.
// The certificate, metadata and private key are read from environment
// variables; every URL below points at a local development host.
auth.api.registerSSOProvider({
      body: {
        providerId: "okta",
        issuer: "http://www.okta.com/******",
        domain: "getinboxzero.com",
        organizationId: "org_okta_test",
        samlConfig: {
          entryPoint: "https://integrator-******.okta.com/app/integrator-******/******/sso/saml",
          cert: process.env.OKTA_CERT_TEST_ORG,
          // Plain-HTTP localhost callback and audience: acceptable for a local test only.
          // Presumably these must match the ACS URL / audience configured in the Okta
          // app, and use HTTPS outside development; confirm.
          callbackUrl: "http://localhost:3000/api/auth/sso/callback/okta",
          audience: "http://localhost:3000",
          // NOTE(review): looks like this turns off the requirement that assertions
          // are signed. Unless the enclosing response signature is verified against
          // `cert`, an unsigned assertion cannot be trusted; enable outside testing.
          wantAssertionsSigned: false,
          signatureAlgorithm: "sha256",
          digestAlgorithm: "sha256",
          identifierFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
          idpMetadata: {
            metadata: process.env.OKTA_IDP_METADATA,
            // NOTE(review): the same env var supplies the private key here and in
            // spMetadata. A service provider normally holds only its own key, never
            // the IdP's; verify which key this is and whether it is needed here.
            privateKey: process.env.OKTA_PRIVATE_KEY_TEST_ORG,
            isAssertionEncrypted: false,
          },
          spMetadata: {
            metadata: process.env.OKTA_SP_METADATA,
            binding: "post",
            privateKey: process.env.OKTA_PRIVATE_KEY_TEST_ORG,
            isAssertionEncrypted: false
          }
        },
        // Maps IdP attributes onto user fields. NOTE(review): if `role` or
        // `department` feed authorization decisions, they are only as trustworthy
        // as the signature check on the assertion that carries them.
        mapping: {
          id: "nameID",
          email: "email",
          name: "displayName",
          extraFields: {
            department: "department",
            role: "role"
          }
        },
      },
      // An empty Headers object carries no cookie or Authorization header, so the
      // call is made without any session. NOTE(review): if this endpoint requires
      // an authenticated user (the 401 suggests it does), pass the headers of the
      // signed-in request instead of a fresh, empty set.
      headers: new Headers(),
    })