terraform-provider-okta

Not able to disable "Authorize Requests" in OIDC IDP

Open d02540315 opened this issue 1 year ago • 7 comments

I have already specified "request_signature_scope" as NONE, but I'm not able to disable "Authorize Requests" for OIDC IDP. Enabling "Authorize Requests" causes issues with external IdP (e.g., DUO).

Terraform Version

terraform v1.4.6, okta provider v4.4.2

Affected Resource(s)

  • okta_idp_oidc

Terraform Configuration Files

d02540315 Sep 15 '23 20:09

There is a bug in my code. I managed to disable "Authorize Request" by setting request_signature_scope as "NONE". Please share any thoughts on enabling "Authorize Request" that would cause the IdP federation issue with DUO. I know that Okta is sending encrypted request parameters to external IdP when "Authorize Request" is enabled.

d02540315 Sep 15 '23 20:09

@d02540315 can you open a support ticket at https://support.okta.com/? This will escalate your question about Okta's interaction with DUO. The TF provider / our team doesn't have this expertise, and the support channel is the best way to get this addressed.

monde Sep 19 '23 15:09

@exitcode0 I think unstale.yml is too aggressive: https://github.com/okta/terraform-provider-okta/blob/master/.github/workflows/unstale.yml. I put the waiting response label on this issue and want it to stay in place until I hear from @d02540315, so I'm inclined to ditch unstale.yml on the next release. Thoughts?

monde Sep 19 '23 16:09

I will create a support case as @monde suggested. The issue is not specific to DUO, and it's with another external IdP (Idaptive) as well.

d02540315 Sep 19 '23 16:09

> @exitcode0 I think unstale.yml is too aggressive: https://github.com/okta/terraform-provider-okta/blob/master/.github/workflows/unstale.yml. I put the waiting response label on this issue and want it to stay in place until I hear from @d02540315, so I'm inclined to ditch unstale.yml on the next release. Thoughts?

I'm happy with disabling it for now. Would filtering it to comment update actions only and/or comment update actions by the issue author resolve your concerns?

exitcode0 Sep 19 '23 23:09

This issue is stale because it has been open 60 days with no activity. Comment or this will be closed in 5 days

github-actions[bot] Oct 20 '23 00:10

@d02540315 any success with the Okta support case?

exitcode0 Oct 23 '23 00:10