SSO using Okta OpenID Connect in Anypoint Platform
In this tutorial we will demonstrate how to implement SSO for the MuleSoft Anypoint Platform using Okta OpenID Connect as an external identity provider.
To start, first create an account on Okta:
https://developer.okta.com/signup

Activate your account and log in.

Your account will be set up with a URL similar to https://dev-6078239-admin.okta.com
Once logged in, go to API -> Authorization Servers:
https://dev-6078239-admin.okta.com/admin/oauth2/as

Click on the default authorization server.

We can see two details, the Issuer and the Metadata URI:
- Issuer – https://dev-6078239.okta.com/oauth2/default
- Metadata URI – https://dev-6078239.okta.com/oauth2/default/.well-known/oauth-authorization-server
If we open the Metadata URI in a browser we can see more details, including the issuer, authorization_endpoint and token_endpoint, which will be needed in Anypoint Platform:
{
  "issuer": "https://dev-6078239.okta.com/oauth2/default",
  "authorization_endpoint": "https://dev-6078239.okta.com/oauth2/default/v1/authorize",
  "token_endpoint": "https://dev-6078239.okta.com/oauth2/default/v1/token",
  "registration_endpoint": "https://dev-6078239.okta.com/oauth2/v1/clients",
  "jwks_uri": "https://dev-6078239.okta.com/oauth2/default/v1/keys",
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code id_token",
    "code token",
    "id_token token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post",
    "okta_post_message"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "refresh_token",
    "password",
    "client_credentials"
  ],
  "subject_types_supported": [
    "public"
  ],
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "address",
    "phone",
    "offline_access"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt",
    "none"
  ],
  "claims_supported": [
    "ver",
    "jti",
    "iss",
    "aud",
    "iat",
    "exp",
    "cid",
    "uid",
    "scp",
    "sub"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "introspection_endpoint": "https://dev-6078239.okta.com/oauth2/default/v1/introspect",
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt",
    "none"
  ],
  "revocation_endpoint": "https://dev-6078239.okta.com/oauth2/default/v1/revoke",
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt",
    "none"
  ],
  "end_session_endpoint": "https://dev-6078239.okta.com/oauth2/default/v1/logout",
  "request_parameter_supported": true,
  "request_object_signing_alg_values_supported": [
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ]
}
Now we will create an app in Okta that Anypoint Platform will use to access the Okta server.
In the Okta dashboard, click on Applications.

Click on Add Application and choose Web.

We have to provide the following details:
- Name – Name of the client app
- Base URIs – https://anypoint.mulesoft.com
- Logout redirect URIs – https://anypoint.mulesoft.com
- Login redirect URIs – https://anypoint.mulesoft.com/accounts/login/mulesy-107/redirect
We can get the Login redirect URI from Anypoint Platform:

Click on user manual registration

Copy the redirect URI

Fill in the details and click Done.

This will create the client app in Okta along with its client credentials.

Note down the client ID and secret:
- Client id – 0oafvmn08ElEjRTyy5d5
- Client secret – y3MtvsUlKbEtRSwUOHpycxtryi5ZVsVkcQ1KLyzC
Now let's fill in the details in Anypoint Platform.

We need the following details:
- Client id – OKTA client app’s client id
- Client secret – OKTA client app’s client secret
- OpenID Connect Issuer – issuer in Metadata URI JSON
- Authorize URL – authorization_endpoint in Metadata URI JSON
- Token URL – token_endpoint in Metadata URI JSON
- User Info URL – the token_endpoint from the Metadata URI JSON with the trailing token replaced by userinfo
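As an added example (not part of the original tutorial), the following Python helper takes the metadata JSON shown above and derives the values the Anypoint form asks for, checking first that the metadata URI really lives under the advertised issuer and that every endpoint is HTTPS on the issuer's host, which guards against pasting values from the wrong authorization server. The sample metadata is a constructed subset of the document above; the userinfo_endpoint key is assumed optional, with the tutorial's token-to-userinfo rule as the fallback.

```python
import json
from urllib.parse import urlparse

# Constructed sample: only the fields this helper uses, taken from the
# Okta authorization-server metadata shown in the tutorial.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://dev-6078239.okta.com/oauth2/default",
    "authorization_endpoint": "https://dev-6078239.okta.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://dev-6078239.okta.com/oauth2/default/v1/token",
    "jwks_uri": "https://dev-6078239.okta.com/oauth2/default/v1/keys",
    "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
    "code_challenge_methods_supported": ["S256"],
})


def anypoint_settings(metadata_json: str, metadata_uri: str) -> dict:
    """Return the Anypoint external-IdP settings derived from a discovery
    document, raising ValueError if the document fails basic sanity checks."""
    md = json.loads(metadata_json)
    issuer = md["issuer"]
    # The metadata URI must be located under the issuer; otherwise the
    # document may describe a different authorization server.
    if not metadata_uri.startswith(issuer.rstrip("/") + "/.well-known/"):
        raise ValueError(f"metadata URI {metadata_uri} is not under issuer {issuer}")
    host = urlparse(issuer).netloc
    endpoints = {
        "Authorize URL": md["authorization_endpoint"],
        "Token URL": md["token_endpoint"],
        # Prefer an advertised userinfo_endpoint (assumed optional here);
        # otherwise apply the tutorial's rule: swap trailing "token" for "userinfo".
        "User Info URL": md.get("userinfo_endpoint")
        or md["token_endpoint"].rsplit("/token", 1)[0] + "/userinfo",
    }
    for name, url in endpoints.items():
        u = urlparse(url)
        if u.scheme != "https" or u.netloc != host:
            raise ValueError(f"{name} {url} is not https on the issuer host")
    if "authorization_code" not in md.get("grant_types_supported", []):
        raise ValueError("server does not support the authorization_code grant")
    return {"OpenID Connect Issuer": issuer, **endpoints}


if __name__ == "__main__":
    uri = "https://dev-6078239.okta.com/oauth2/default/.well-known/oauth-authorization-server"
    for key, value in anypoint_settings(SAMPLE_METADATA, uri).items():
        print(f"{key}: {value}")
```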

Click on Create; the identity provider will now appear under Identity Provider -> External Provider as enabled.

Now let's add a user in Okta.
Go to Users -> Add Person

We can see the new user now.

Now we will use our Anypoint login URL to log in to Anypoint Platform:
https://anypoint.mulesoft.com/accounts/login/mulesy-107
This will redirect us to the Okta login page.

Provide the new user's username and password.

We are now able to log in to Anypoint Platform.
