Adding Okta Authentication

This information comes from notes taken during the implementation of Okta authentication within an Avalon instance.

Steps

Add to Gemfile

gem 'omniauth-oktaoauth'

Add Okta provider to User model, use email as username

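devise_list << { omniauth_providers: [:oktaoauth] } if ENV['OKTA_CLIENT_ID']

# Method name and arguments assumed; the body needs email and provider in scope.
def self.find_or_create_by_username_or_email(username, email, provider = 'local')
  # Existing lookups stay unchanged; only the username passed to create changes.
  create(username: email, email: email, password: Devise.friendly_token[0, 20], provider: provider)
end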

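Set up Okta params in config/initializers/devise.rb

    if provider[:provider] == :oktaoauth
      # oauth_credentials is the [client id, client secret] pair from settings.yml
      okta_params = params.delete(:oauth_credentials)
      # Turn the strategy class name (a string in settings.yml) into the class itself
      params[:strategy_class] = params[:strategy_class].constantize if params.key?(:strategy_class)
      # Result: [client id, client secret, { remaining options }]
      okta_params << params
      params = okta_params
    end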

Add Okta config to auth block in config/settings.yml

  configuration:
  <% if ENV['OKTA_CLIENT_ID'] %>
  - :name: Avalon Okta Oauth
    :provider: :oktaoauth
    :hidden: false
    :params:
      :oauth_credentials: [<%= ENV['OKTA_CLIENT_ID'] %>, <%= ENV['OKTA_CLIENT_SECRET'] %>]
      :scope: 'openid profile email'
      :fields: ['profile','email']
      :client_options:
        site: <%= ENV['OKTA_ISSUER'] %>
        authorize_url: <%= ENV['OKTA_ISSUER'] + "/v1/authorize" %>
        token_url: <%= ENV['OKTA_ISSUER'] + "/v1/token" %>
      :redirect_uri: <%= ENV["OKTA_REDIRECT_URI"] %>
      :auth_server_id: <%= ENV['OKTA_AUTH_SERVER_ID'] %>
      :issuer: <%= ENV['OKTA_ISSUER'] %>
      :strategy_class: 'OmniAuth::Strategies::Oktaoauth'
  <% end %>

Example config

OKTA_ISSUER=https://okta.example.edu/oauth2
OKTA_REDIRECT_URI=https://avalon.example.edu/users/auth/oktaoauth/callback
OKTA_AUTH_SERVER_ID=""
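
A preflight check for these variables, as an added example that is not part of the original notes or of Avalon. The settings.yml block is gated on OKTA_CLIENT_ID alone, so a missing OKTA_ISSUER makes the ERB fail on nil + "/v1/authorize". The function name, the https requirement and the trailing-slash rule are assumptions for a production deployment; the callback path is taken from the example config above.

```ruby
require 'uri'

# Variables the settings.yml auth block reads and cannot work without.
OKTA_REQUIRED = %w[OKTA_CLIENT_ID OKTA_CLIENT_SECRET OKTA_ISSUER OKTA_REDIRECT_URI].freeze
# Callback path as it appears in the example config on this page.
OKTA_CALLBACK_PATH = '/users/auth/oktaoauth/callback'

# Hypothetical helper: returns a list of problems in env (a Hash like ENV).
# An empty list means the Okta block can be rendered safely.
def okta_env_problems(env)
  # The auth block is only rendered when OKTA_CLIENT_ID is set.
  return [] if env['OKTA_CLIENT_ID'].to_s.empty?

  problems = OKTA_REQUIRED.select { |k| env[k].to_s.strip.empty? }.map { |k| "#{k} is not set" }

  issuer = env['OKTA_ISSUER'].to_s
  unless issuer.empty?
    problems << 'OKTA_ISSUER must be an https URL' unless https_url?(issuer)
    # settings.yml appends "/v1/authorize" directly, so a slash gives "//v1/authorize".
    problems << 'OKTA_ISSUER should not end with a slash' if issuer.end_with?('/')
  end

  redirect = env['OKTA_REDIRECT_URI'].to_s
  unless redirect.empty?
    if !https_url?(redirect)
      problems << 'OKTA_REDIRECT_URI must be an https URL'
    elsif URI.parse(redirect).path != OKTA_CALLBACK_PATH
      problems << "OKTA_REDIRECT_URI path must be #{OKTA_CALLBACK_PATH}"
    end
  end
  problems
end

def https_url?(value)
  uri = URI.parse(value)
  uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Constructed sample: client id set, issuer forgotten, redirect over plain http.
if __FILE__ == $PROGRAM_NAME
  sample = { 'OKTA_CLIENT_ID' => 'constructed-id', 'OKTA_CLIENT_SECRET' => 'constructed-secret',
             'OKTA_REDIRECT_URI' => 'http://avalon.example.edu/users/auth/oktaoauth/callback' }
  puts okta_env_problems(sample)
end
```

Calling okta_env_problems(ENV.to_h) from an initializer that runs before settings.yml is loaded turns a misconfiguration into a readable message instead of an ERB error.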

To avoid an infinite redirect, add the following to the after_omniauth_failure_path_for method in app/controllers/users/omniauth_callbacks_controller.rb

    when 'oktaoauth'
      msg = I18n.t 'devise.omniauth_callbacks.failure', reason: failure_message
      root_path
