RedHat SSO Integration with OKTA – SAML Based

This article describes how to use OKTA as a SAML IdP (Identity Provider) and configure RH-SSO as the SP (Service Provider).

In this example the NameID used is persistent. This means that a user known to the IdP (OKTA) must also exist at the SP (RH-SSO): RH-SSO links the persistent NameID to an existing local account instead of creating one. Once the configuration is done, an RH-SSO user can authenticate directly against the OKTA IdP.

The configuration is done as follows:

1) Create a new realm test_saml_okta (RH-SSO)

In the RH-SSO admin console, create the realm test_saml_okta, open Identity Providers and select Add provider, then SAML v2.0.
Notice the Redirect URI that RH-SSO generates for the new provider (of the form <server>/auth/realms/test_saml_okta/broker/<alias>/endpoint): it is the SAML endpoint that OKTA will post the response to, and it is needed in step 2.

2) OKTA IDP configuration

You first need to register at OKTA for an evaluation account.

The way to configure OKTA as a SAML IDP is described at
https://developer.okta.com/standards/SAML/setting_up_a_saml_application_in_okta

Some important points to notice when filling in the OKTA application: the Single sign on URL is the Redirect URI noted in step 1, the Name ID format must be Persistent (the application username is the value RH-SSO will match against an existing user, see step 5), and the attribute statements must carry the first name, last name and email attributes that the RH-SSO mappers of step 4 expect.

3) SAML Configuration of RH-SSO

You can paste the URL of the OKTA metadata into the Import from URL field.
It fills RH-SSO with all the SAML information about OKTA: the Single Sign-On Service URL, the signing certificate and the bindings.

Before saving, check that Validate Signature is on and that the certificate was imported, and set the NameID Policy Format to Persistent. At this stage you can save the configuration.
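Steps 1 to 3 amount to: derive the SP endpoints from the realm and the provider alias, fetch OKTA's metadata, and fill the provider configuration from it. The Python below is an added example, not part of this article and not RH-SSO's own import code. It parses a constructed sample of OKTA IdP metadata with the standard library and builds the identity-provider representation the admin REST API accepts. The base URL https://sso.example.com/auth, the alias okta, the OKTA entityID and the certificate are placeholders; the config key names are Keycloak's SAML provider settings as the editor knows them and should be checked against the RH-SSO version in use.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample in the shape of what OKTA's metadata URL returns; the tenant,
# entityID and certificate are placeholders, not a real OKTA org.
SAMPLE_OKTA_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkEXAMPLEIDP">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>
          MIIBexampleCERTbase64==
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://dev-example.okta.com/app/exkEXAMPLEIDP/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://dev-example.okta.com/app/exkEXAMPLEIDP/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Extract what the RH-SSO metadata import needs from an IdP EntityDescriptor."""
    root = ET.fromstring(xml_text.strip())
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML 2.0 IdP metadata")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    certs = ["".join(c.text.split())                    # PEM body on one line, no headers
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"    # no 'use' means signing and encryption
             for c in kd.findall(".//ds:X509Certificate", NS) if c.text]
    return {"entity_id": root.get("entityID"),
            "sso_post": sso.get(POST),
            "sso_redirect": sso.get(REDIRECT),
            "signing_certs": certs,
            "name_id_formats": [n.text.strip() for n in idp.findall("md:NameIDFormat", NS) if n.text],
            "want_authn_requests_signed": idp.get("WantAuthnRequestsSigned", "false").lower() == "true"}


def sp_endpoints(base_url, realm, alias):
    """Values RH-SSO derives for the provider; the OKTA application must be told both."""
    base = base_url.rstrip("/")
    return {"sp_entity_id": "%s/realms/%s" % (base, realm),                          # Audience URI
            "redirect_uri": "%s/realms/%s/broker/%s/endpoint" % (base, realm, alias)}  # Single sign on URL


def keycloak_saml_idp(meta, alias):
    """Identity-provider representation as sent to the admin REST API (assumed config keys:
    Keycloak's SAML provider settings; verify them against the installed RH-SSO)."""
    if not meta["signing_certs"]:
        raise ValueError("no signing certificate in metadata; refusing to run with validateSignature off")
    sso_url = meta["sso_post"] or meta["sso_redirect"]
    if not sso_url or urlparse(sso_url).scheme != "https":
        raise ValueError("SSO URL missing or not https: %r" % sso_url)
    return {"alias": alias, "providerId": "saml", "enabled": True,
            "trustEmail": False,  # email comes from the mapper; trust it only if OKTA verifies it
            "config": {"singleSignOnServiceUrl": sso_url,
                       "nameIDPolicyFormat": PERSISTENT,  # the article's choice; select Persistent in OKTA too
                       "validateSignature": "true",
                       "signingCertificate": meta["signing_certs"][0],
                       "wantAuthnRequestsSigned": str(meta["want_authn_requests_signed"]).lower(),
                       "postBindingResponse": "true",
                       "postBindingAuthnRequest": "true" if meta["sso_post"] else "false"}}


if __name__ == "__main__":
    import json
    meta = parse_idp_metadata(SAMPLE_OKTA_METADATA)
    print(json.dumps(sp_endpoints("https://sso.example.com/auth", "test_saml_okta", "okta"), indent=2))
    print(json.dumps(keycloak_saml_idp(meta, "okta"), indent=2))
```

Two checks the console import does not make for you are built in: the function refuses to produce a configuration when the metadata carries no signing certificate, because such a provider can only work with Validate Signature turned off, and it refuses a non-https SSO URL. The sp_entity_id and redirect_uri values are what the OKTA application needs as Audience URI and Single sign on URL.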

4) Adding attribute mappers

RH-SSO requires 3 attributes (mandatory):
firstname, lastname, and email.

Mappers are used to map an attribute received in the SAML assertion onto an RH-SSO user attribute. For each of the three, add an Attribute Importer mapper on the OKTA provider: its Attribute Name is the name OKTA sends in the attribute statement (as configured in step 2) and its User Attribute Name is the RH-SSO attribute it fills (firstName, lastName or email). If one of the three is missing from the assertion, the first login stops at the profile review page instead of linking the account.

5) Creating a new user in RH-SSO realm

You need to create a user within this realm that is exactly the one created at OKTA: its username must match the value OKTA sends as the persistent NameID (the application username of step 2). With a persistent NameID, RH-SSO links the OKTA identity to this existing account and does not create one.

6) Testing (1st time)

On the first login through the OKTA provider, you are redirected to OKTA, authenticate there, and come back to RH-SSO with the assertion. RH-SSO runs its first-login flow: it matches the existing user created in step 5, asks the user to confirm with the local RH-SSO credentials, and then links the OKTA identity to that account.

7) Testing (2nd time and more)

As a consequence, as long as the accounts are linked, RH-SSO authentication is no longer called. When using SAML authentication, you are first redirected to OKTA for authentication.
Upon successful authentication at OKTA, you are authenticated in RH-SSO immediately.
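Steps 4 to 7 describe what RH-SSO does with the assertion OKTA returns: run the attribute mappers, then either link the persistent NameID to the pre-created user (first login) or reuse the existing link (every later login). The Python below is an added example, not the article's and not RH-SSO's code: a small model of that SP-side behaviour over a constructed assertion. The user jdoe, the OKTA entityID and the attribute names are assumptions, the credential store is a toy, and the mapper representation (saml-user-attribute-idp-mapper with attribute.name and user.attribute) is the Keycloak mapper type as the editor knows it.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
MANDATORY = ("firstName", "lastName", "email")

# One "Attribute Importer" per mandatory attribute, in the shape RH-SSO's admin API uses
# for identity-provider mappers (mapper id and config keys assumed as in Keycloak).
MAPPERS = [{"name": "import " + a, "identityProviderMapper": "saml-user-attribute-idp-mapper",
            "config": {"attribute.name": a, "user.attribute": a}} for a in MANDATORY]

# Constructed assertion body as OKTA would send it after the user logs in there
# (signature, Conditions and timestamps omitted: RH-SSO validates those before any mapper runs).
SAMPLE_ASSERTION = """
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-1" Version="2.0">
  <saml2:Issuer>http://www.okta.com/exkEXAMPLEIDP</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jdoe</saml2:NameID>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="firstName"><saml2:AttributeValue>John</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="lastName"><saml2:AttributeValue>Doe</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="email"><saml2:AttributeValue>jdoe@example.com</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""


def parse_assertion(xml_text):
    """Pull issuer, NameID and the attribute statement out of a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text.strip())
    name_id = root.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no NameID")
    attrs = {a.get("Name"): [(v.text or "").strip() for v in a.findall("saml2:AttributeValue", NS)]
             for a in root.findall("saml2:AttributeStatement/saml2:Attribute", NS)}
    return {"issuer": (root.findtext("saml2:Issuer", "", NS) or "").strip(),
            "name_id": name_id.text.strip(),
            "name_id_format": name_id.get("Format", ""),
            "attributes": attrs}


def apply_mappers(attrs, mappers=MAPPERS):
    """Run the attribute importers; refuse the login if a mandatory field is missing."""
    profile = {}
    for m in mappers:
        cfg = m["config"]
        values = [v for v in attrs.get(cfg["attribute.name"], []) if v]
        if values:
            profile[cfg["user.attribute"]] = values[0]
    missing = [a for a in MANDATORY if a not in profile]
    if missing:
        raise ValueError("assertion lacks mandatory attribute(s): " + ", ".join(missing))
    return profile


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class BrokerSP:
    """Toy model of the SP side: pre-created local users, federated links, first-login linking."""

    def __init__(self, alias, users):
        self.alias = alias
        self.creds, self.profiles = {}, {}
        for username, password in users.items():  # toy credential store, for the example only
            salt = secrets.token_bytes(16)
            self.creds[username] = (salt, _hash(password, salt))
            self.profiles[username] = {}
        self.links = {}    # (provider alias, persistent NameID) -> local username
        self.pending = {}  # NameID -> mapped profile waiting for the user to confirm the link

    def login(self, assertion_xml):
        ctx = parse_assertion(assertion_xml)
        if ctx["name_id_format"] != PERSISTENT:
            raise ValueError("expected a persistent NameID, got %r" % ctx["name_id_format"])
        profile = apply_mappers(ctx["attributes"])
        key = (self.alias, ctx["name_id"])
        if key in self.links:  # 2nd time and more: already linked, no local credential check
            self.profiles[self.links[key]].update(profile)
            return {"status": "authenticated", "user": self.links[key], "first_login": False}
        if ctx["name_id"] not in self.creds:  # persistent NameID: no auto-create, the account must pre-exist
            raise LookupError("no local user matches NameID %r; create it first (step 5)" % ctx["name_id"])
        self.pending[ctx["name_id"]] = profile
        return {"status": "link_required", "user": ctx["name_id"], "first_login": True}

    def confirm_link(self, name_id, password):
        """1st time: prove ownership of the existing local account, then store the link."""
        if name_id not in self.pending:
            raise LookupError("no pending link for " + name_id)
        salt, digest = self.creds[name_id]
        if not hmac.compare_digest(_hash(password, salt), digest):
            return False
        self.links[(self.alias, name_id)] = name_id
        self.profiles[name_id].update(self.pending.pop(name_id))
        return True
```

The model fails closed in the three places that matter: a NameID whose format is not persistent, an assertion missing one of the mandatory attributes, and a NameID with no matching local user (step 5 not done). Signature and Conditions validation are deliberately out of scope here; RH-SSO performs them before any mapper runs, which is why Validate Signature must stay on in step 3.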

Olivier Rivat


Senior Software Engineer with over 25 years of experience doing Software Development, Support and Consulting in Identity and Access Management Solutions.
Specialised in IAM (security, access control, identity management) and Open Source integration, and founded in 2004 by an IAM industry veteran, JANUA offers high value-added products and services to businesses and governments with a concern for Identity Management and Open Source components.
JANUA provides better security, builds relationships, and enables new cloud, mobile, and IoT offerings from any device or connected thing.