OKTA Integration With Orchestrator Failing

Resolution for OKTA Integration with Orchestrator Failing.

Issue Description: Orchestrator does not load after the Okta integration with Orchestrator is configured in one of the following locations:

  • The Identity Management External Providers settings at https://orchestratorURL/identity

OR

  • The SAML configuration file that the user created to override the Identity Management External Providers settings

Troubleshooting Steps:

  1. Capture a screenshot of the error message.
  2. Reproduce the error, then capture the Application log from Event Viewer on the Orchestrator machine.

HowTo:

  1. Go to Start > Run > eventvwr.
  2. Right-click Windows Logs -> Application and select Save All Events As.
  3. Save the log in the evtx format and share it.
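The same capture can be scripted so that the evtx export and a first pass over the error events are produced together. This is an added example and not part of the UiPath article; the output folder, the two-hour window and the keyword filter are assumptions, chosen to match the LoadCertificate() message the resolutions below refer to.

```powershell
# Added example (not from the UiPath article): export the Application log as
# Event Viewer's "Save All Events As" would, then pull the recent error events
# out of it so the SAML failure can be read without opening Event Viewer.
# Output folder, time window and keywords are assumptions; adjust as needed.

$outDir = 'C:\Temp\OrchestratorLogs'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Equivalent of Windows Logs > Application > Save All Events As (.evtx);
# /ow:true overwrites an export left over from an earlier attempt.
$evtx = Join-Path $outDir 'Application.evtx'
wevtutil epl Application $evtx /ow:true

# Critical and Error events since the failure was reproduced (assumed: last two hours).
$since  = (Get-Date).AddHours(-2)
$errors = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Level     = 1, 2          # 1 = Critical, 2 = Error
    StartTime = $since
} -ErrorAction SilentlyContinue   # no matching events is not an error here

# Surface the SAML / certificate related events first; the article's
# CertificateElement.LoadCertificate() message is matched by 'LoadCertificate'.
$saml = $errors | Where-Object { $_.Message -match 'Saml2|LoadCertificate|thumbprint|certificate' }
$saml | Select-Object TimeCreated, ProviderName, Id, Message |
    Format-List | Out-File (Join-Path $outDir 'saml-errors.txt')

"{0} error/critical events since {1}, {2} of them SAML or certificate related; files in {3}" -f @($errors).Count, $since, @($saml).Count, $outDir
```

Attach both Application.evtx and saml-errors.txt to the ticket; the text file is what lets the matching resolution below be picked quickly, the evtx is what support will still ask for.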

Resolutions depending on the Error Message and the Error Presented in the Event Viewer Logs:

  • Ensure that the Okta signing certificate is installed in both the Personal and the Trusted Root Certification Authorities certificate stores of the local computer.

Steps to import certificate:

  1. Enter Start | Run | MMC
    1. Click File | Add/Remove Snap-in
    2. In the Add or Remove Snap-ins window, select Certificates and click Add
    3. Select the Computer account radio button when prompted and click Next
    4. Select Local computer (selected by default) and click Finish
    5. Back in the Add or Remove Snap-ins window, click OK
    6. In the MMC main console, click the plus (+) symbol to expand the Certificates snap-in
    7. Navigate to Personal | Certificates
    8. Right-click within the Certificates panel and click All Tasks | Import to start the Certificate Import Wizard
    9. Follow the wizard to import the Okta signing certificate, then repeat steps 7 to 9 under Trusted Root Certification Authorities | Certificates so the certificate is present in both stores.
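The same import can be done from an elevated PowerShell prompt, which also verifies that the certificate ended up in both stores and prints the thumbprint the next resolution asks for. This is an added example, not code from the UiPath article; the file path is an assumption (Okta offers the signing certificate for download on the application's SAML settings page).

```powershell
# Added example (not from the UiPath article): import the Okta signing
# certificate into the Personal and Trusted Root stores of the local computer
# and verify the result, as an alternative to the MMC wizard above.
# The file path is an assumption. Run from an elevated prompt, because the
# LocalMachine stores are written.

$certFile = 'C:\Temp\okta.cer'
$stores   = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root')   # Personal, Trusted Root CAs

$cert = $null
foreach ($store in $stores) {
    # Import-Certificate (PKI module) reads DER or Base64 encoded certificate
    # files and returns the X509Certificate2 written to the store.
    $cert = Import-Certificate -FilePath $certFile -CertStoreLocation $store
    "Imported into {0}: {1}, valid until {2:yyyy-MM-dd}" -f $store, $cert.Subject, $cert.NotAfter
}

# Confirm the same certificate now sits in both stores, which is what the
# resolution above requires.
foreach ($store in $stores) {
    $present = Get-ChildItem -Path $store | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    "{0}: {1}" -f $store, $(if ($present) { 'present' } else { 'MISSING' })
}

if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning 'The Okta signing certificate has expired; download the current one from Okta and import it again.'
}

# This is the value the external provider settings ask for: the thumbprint,
# already upper-case hex with no separators and no hidden characters.
"Thumbprint to paste into Orchestrator: $($cert.Thumbprint)"
```

Taking the thumbprint from the cmdlet output rather than from the MMC Details tab sidesteps the hidden-character problem described further down, because the property is the raw hex string and never passes through the clipboard formatting of the certificate dialog.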

  • Use the certificate thumbprint rather than the serial number. (The thumbprint is shown on the Details tab of the certificate.) See the screenshot below:

  • See the screenshot below for the field in which Orchestrator requests the thumbprint:

  • Ensure that the instructions provided in Okta Authentication are followed.
  • Check for hidden characters in the thumbprint used for the certificate by completing the following steps:

    1. Copy the thumbprint from the Details tab of the certificate in the MMC console.
    2. Paste the thumbprint into Notepad++.
    3. In Notepad++, go to the Encoding menu and select Encode in ANSI. This makes hidden characters visible; copying the thumbprint from the MMC dialog typically inserts an invisible left-to-right mark (U+200E) in front of the first character, and the display spaces between the byte pairs are also carried along.
    4. If a hidden character exists, remove it and paste the cleaned thumbprint where it is needed.

  • If an error similar to Sustainsys.Saml2.Configuration.CertificateElement.LoadCertificate() or IdentityProviders.Saml2.Configuration.CertificateElement.LoadCertificate() is found, the user is most likely using a SAML configuration file to override the Identity Management External Providers settings. The error means the certificate referenced in that file could not be loaded from the store it names, so the thumbprint and store settings must be corrected in the file rather than in the web UI (see the screenshot below).
  • Ensure the Service Provider Entity ID ends with /identity.
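The hidden-character check and the two override-file checks (thumbprint lookup and Entity ID suffix) can be done in one pass. The block below is an added example and not code from the UiPath article or from Okta. The thumbprint string is constructed with the U+200E mark that a copy out of MMC typically prepends, and the XML is an assumed, Sustainsys.Saml2-style layout of what such an override file contains; your file may differ, so treat the element names as an assumption.

```powershell
# Added example (not from the UiPath article): clean a thumbprint that was
# copied out of the MMC details pane, show which hidden characters it carried,
# and check an assumed Sustainsys.Saml2-style override file for the two values
# the resolutions above mention. The thumbprint and the XML are constructed.

function Clean-Thumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    # Keep hex digits only: this drops U+200E (left-to-right mark), the display
    # spaces, colons and anything else invisible that MMC or a browser added.
    $hex = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($hex.Length) hex characters"
    }
    $hex
}

function Show-HiddenCharacters {
    param([Parameter(Mandatory)][string]$Raw)
    # Code point of every non-hex character, the same information the
    # Notepad++ 'Encode in ANSI' step reveals visually.
    foreach ($c in $Raw.ToCharArray()) {
        if ($c -notmatch '[0-9A-Fa-f]') { 'U+{0:X4}' -f [int]$c }
    }
}

function Test-SamlOverride {
    param([Parameter(Mandatory)][xml]$Config)
    $sp        = $Config.'sustainsys.saml2'
    $signing   = $sp.identityProviders.add.signingCertificate
    [pscustomobject]@{
        EntityId        = $sp.entityId
        EntityIdOk      = $sp.entityId -match '/identity$'          # must end with /identity
        FindType        = $signing.x509FindType
        FindTypeOk      = $signing.x509FindType -eq 'FindByThumbprint' # thumbprint, not serial number
        HiddenChars     = @(Show-HiddenCharacters -Raw $signing.findValue | Sort-Object -Unique)
        CleanThumbprint = Clean-Thumbprint -Raw $signing.findValue
        Store           = "$($signing.storeLocation)\$($signing.storeName)"
    }
}

# Constructed input: a thumbprint as pasted from MMC, with the invisible
# left-to-right mark in front and the display spaces between byte pairs.
$pastedThumbprint = [string][char]0x200E + 'a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 01 12 23 34'

# Constructed override file in the assumed layout; the Okta URLs are placeholders.
[xml]$override = @"
<sustainsys.saml2 entityId="https://orchestrator.example.com/identity">
  <identityProviders>
    <add entityId="http://www.okta.com/exkEXAMPLE" signOnUrl="https://example.okta.com/app/exkEXAMPLE/sso/saml" binding="HttpRedirect" allowUnsolicitedAuthnResponse="true">
      <signingCertificate storeName="My" storeLocation="LocalMachine" findValue="$pastedThumbprint" x509FindType="FindByThumbprint" />
    </add>
  </identityProviders>
</sustainsys.saml2>
"@

$result = Test-SamlOverride -Config $override
$result | Format-List          # HiddenChars lists U+0020 and U+200E for the constructed input

# Finally confirm the cleaned thumbprint is installed where the file points.
$installed = Get-ChildItem "Cert:\$($result.Store)" | Where-Object { $_.Thumbprint -eq $result.CleanThumbprint }
if ($installed) { "Certificate found in $($result.Store)" } else { "No certificate with thumbprint $($result.CleanThumbprint) in $($result.Store)" }
```

If HiddenChars is not empty, the findValue (or the thumbprint field in the web UI) must be replaced with CleanThumbprint; if the final lookup finds nothing, the certificate was not imported into the store the configuration names, which is exactly the case that surfaces as the LoadCertificate() error above.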