SSO using OKTA SAML IN ANYPOINT PLATFORM
In this tutorial we will demonstrate how to implement SSO for the MuleSoft Anypoint Platform using Okta as an external SAML identity provider.
To start, create an account on Okta:
https://developer.okta.com/signup
Activate the account and log in.
Next we need to create an Okta app through which the Anypoint Platform will use the Okta server. Okta provides an out-of-the-box MuleSoft Anypoint Platform app integration; to set it up:
Switch to the Classic UI using the drop-down
Click Add Application
Select MuleSoft
Click Add
Change the app name as required and click Done
Assign the group
The assigned group will be shown
Click Sign On, then Edit, and enable Single Logout
Single Logout requires a signature certificate, which we can get from the Anypoint Platform with the following steps:
Go to Anypoint Platform -> Identity Providers -> SAML 2.0
Download the IdP signing certificate
Save it to local disk
Upload the signing certificate in the Okta MuleSoft app configuration
Click Upload; the certificate is now uploaded
Click View Setup Instructions, then click Save
The setup instructions provide the details below, which we need for the Anypoint Platform setup:
- Sign On URL – https://dev-6078239.okta.com/app/anypointplatform/exkfww9tIP2jLqufT5d5/sso/saml
- Sign Off URL – https://dev-6078239.okta.com
- Issuer – http://www.okta.com/exkfww9tIP2jLqufT5d5
- Public Key – the Okta signing certificate in PEM form, copied from the setup instructions
- Audience – exkfww9tIP2jLqufT5d5.anypoint.mulesoft.com
Add these details to the Anypoint Platform identity provider configuration
Click Create; the identity provider -> external provider now shows as enabled
Now let's add a user to the Okta group
Go to Users -> Add Person
The new user is now shown as assigned to the Everyone group
Now we will get the SSO sign-in URL for logging in to the Anypoint Platform
Go to the MuleSoft app in Okta -> General -> Embed Link
https://dev-6078239.okta.com/home/anypointplatform/0oafww9uYs5aLLh5U5d5/aln18o1v0nq1J7xPx1d8
This link redirects us to the Okta login page
Provide the new user's username and credentials
We are now logged in to the Anypoint Platform
Hi,
I'm facing one issue while accessing the Anypoint login through Okta using the SAML 2.0 configuration.
Unauthorized: Unknown organization for SAML issuer and audience.
A quick response would really help a lot.
Thanks
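The error quoted in the comment above says the platform could not match the SAML issuer and audience to an organization, so a first check is whether the values Okta actually sends agree exactly with the Issuer and Audience entered from the setup instructions. The following Python script is an added example, not part of the tutorial or of either product: it decodes a base64 SAMLResponse as the browser POSTs it and reports every Issuer or Audience value that differs from the configured ones. The expected values are the ones from the setup instructions above; build_sample_response is an assumed helper that constructs an unsigned sample response purely to exercise the check.

```python
import base64
import xml.etree.ElementTree as ET

# Namespace URIs defined by the SAML 2.0 standard.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Values copied from the Okta "View Setup Instructions" page in the tutorial above.
EXPECTED_ISSUER = "http://www.okta.com/exkfww9tIP2jLqufT5d5"
EXPECTED_AUDIENCE = "exkfww9tIP2jLqufT5d5.anypoint.mulesoft.com"

def check_saml_response(saml_response_b64, expected_issuer, expected_audience):
    """Decode a base64 SAMLResponse and list every Issuer/Audience value that does not
    exactly match the configured ones. Compares values only; no signature verification."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    # Okta puts an Issuer on the Response and on the Assertion; both must match.
    issuers = [e.text.strip() for e in root.iter(f"{{{NS['saml']}}}Issuer") if e.text]
    if not issuers:
        problems.append("no Issuer element found")
    for value in issuers:
        if value != expected_issuer:
            problems.append(f"issuer mismatch: got {value!r}, expected {expected_issuer!r}")
    # The Audience inside AudienceRestriction must equal the configured audience.
    audiences = [e.text.strip() for e in root.iter(f"{{{NS['saml']}}}Audience") if e.text]
    if not audiences:
        problems.append("no Audience element found")
    for value in audiences:
        if value != expected_audience:
            problems.append(f"audience mismatch: got {value!r}, expected {expected_audience!r}")
    return problems

def build_sample_response(issuer, audience):
    """Constructed, unsigned sample response (assumed helper) used only to exercise the check."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        '<saml:Assertion ID="_a1" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "<saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Constructed copy errors: a trailing slash on the issuer and a bare domain as audience.
    print(check_saml_response(build_sample_response(EXPECTED_ISSUER + "/", "anypoint.mulesoft.com"), EXPECTED_ISSUER, EXPECTED_AUDIENCE))
```

For a real troubleshooting run, capture the SAMLResponse form field from the browser's network tab and pass that base64 string instead of the constructed sample.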