# gooddata-cloud
u
Hello. I am configuring an external OIDC provider with Okta. We configured it with the following API request.
curl -H "Authorization: Bearer XXXXXX" \
    --header 'Content-Type: application/vnd.gooddata.api+json' --request PUT --data '{
  "data": {
    "id": "jyoz7djfd3",
    "type": "organization",
    "attributes": {
      "name": "ReHATCH Inc..",
      "hostname": "XXXX.cloud.gooddata.com",
      "oauthIssuerLocation": "https://XXX.okta.com/",
      "oauthClientId": "XXXXXX",
      "oauthClientSecret": "XXXXXX"
    }
  }
}'  "https://rehatch.cloud.gooddata.com/api/v1/entities/admin/organizations/jyoz7djfd3"
However, we got the following error when we open XXXX.cloud.gooddata.com. Are you able to confirm what configuration metadata did not match?
{
  "title": "Unauthorized",
  "status": 401,
  "detail": "401 UNAUTHORIZED \"Authorization failed for given issuer \"https://XXX.okta.com/\". The Issuer \"https://XXX.okta.com\" provided in the configuration metadata did not match the requested issuer \"https://XXX.okta.com/\"\"",
  "traceId": "6ce9b525fe55b07be0a22a2d0b99a5cd"
}
m
Hi Yuya, I see you have configured the issuer:
https://issuer.okta.com
However, the requested issuer is:
https://issuer-admin.okta.com/
Please make sure the issuer in the configuration metadata matches the requested issuer.
u
@Moises Morales Hi Moises, are you implying that you have actually seen our configured data? Actually,
"oauthIssuerLocation": "https://XXX.okta.com/",
is in the form of
"oauthIssuerLocation": "https://YYY-admin.okta.com/",
so I intended to configure https://YYY-admin.okta.com/.
m
I found the details in our logs, however, the issuers can also be seen in the screenshot you shared, so if you did not intend to share this info, feel free to remove it. The reason it is not working is the trailing slash at the end of the issuer: "/", you will need to remove it from the OKTA configuration so it matches the openID configuration.
u
@Moises Morales I removed -admin and tried again but the same error occurred. What is the reason this time?
{
  "title": "Unauthorized",
  "status": 401,
  "detail": "401 UNAUTHORIZED \"Authorization failed for given issuer \"https://trial-3767928.okta.com/\". The Issuer \"https://trial-3767928.okta.com\" provided in the configuration metadata did not match the requested issuer \"https://trial-3767928.okta.com/\"\"",
  "traceId": "cd2eaecff0b405ecf56affbf4685fedd"
}
m
@岡田侑弥 I have sent you the complete log via PM, it refers to the wrong issuer again. Please check it and make the adjustments as needed.