I am trying to use the Okta widget for my app login page, which works successfully after adding the domain name to the security group under security/api/cors. However, I have one server hosting multiple apps with the same login page. What is the best way for me to add them to the enabled CORS list? I do not want to add something like 100 domains to the list, and I tried to use wildcards (*) but it does not work.
By "multiple apps", do you mean that you have separate subdomains/domains per app? If you are serving off of one domain, then Sohaib's answer should work for you. However, if you have multiple domains, you will need to enter them each manually (or write a script to do it for you). – remanc Nov 21 '16 at 22:33
1 Answer
If you have multiple apps on one server, and for each app the login widget URLs look like the URLs below:
<Server_Url>/app1/path1/sign-in-widget.html
<Server_Url>/app2/path2/sign-in-widget.html
<Server_Url>/appN/pathN/sign-in-widget.html
In this case you only need to add Server_Url to the CORS list in Okta. Adding this URL to the CORS list will work for all the apps. This will be appropriate if you have different sign-in widgets for each app.
However, if you are using the same sign-in widget for all your apps and you are using it as the custom login page for each app, you can put the Sign-In Widget on your server, e.g. <Server_Url>/sign-in-widget.html. Then, inside sign-in-widget.html, where the widget is rendered, you can use the URL to find out which app loaded the sign-in widget, using the code below.
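    oktaSignIn.renderEl(
      { el: '#okta-login-container' },
      function (res) {
        if (res.status === 'SUCCESS') {
          // Map of app name (as it appears in the app's SSO URL) to the app's URL.
          var appUrls = {
            "springsecuritysaml_app": "http://localhost/spring-security-saml2-sample",
            "simplesamlphpexample_app": "http://localhost/simplesamlphp-example/"
          };
          var url = String(window.location.href);
          // Value of the first query parameter, expected to hold the encoded SSO URL.
          var appUrlInOKta = String(url.split("?")[1]).split("=")[1];
          var decodedUrl = decodeURIComponent(appUrlInOKta);
          // In https://<org>/app/<app name>/..., index 4 is the app name.
          var appName = decodedUrl.split("/")[4];
          // Redirect only when the app name is an own key of the map.
          if (Object.prototype.hasOwnProperty.call(appUrls, appName)) {
            var appUrl = appUrls[appName];
            res.session.setCookieAndRedirect(appUrl);
          }
        }
      }
    );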
In the above piece of code, I am maintaining a dictionary of "app name to app URL", where the app name is what appears in the SSO URL of your app. For example, if the SSO URL is:
https://org-name.okta.com/app/simplesamlphpexample_app/exy5xxxxVq70x7/sso/saml
then you map simplesamlphpexample_app from that URL to the URL of the app or the app embed link of the app.
This way, whichever app loads the same login widget, the widget will redirect to that app.
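Added example (not part of the original answer, and not Okta's code): a stricter way to work out which app loaded the shared sign-in page, parsing the query string with `URL` instead of `split` and returning a redirect target only when the SSO URL points at the Okta org and names an app in the map. `OKTA_ORIGIN`, `APP_URLS` and `resolveAppRedirect` are names assumed for illustration, and the sample values are constructed from the ones in the answer.

```javascript
// Constructed sample values, taken from the URLs shown in the answer.
const OKTA_ORIGIN = 'https://org-name.okta.com';
const APP_URLS = new Map([
  ['springsecuritysaml_app', 'http://localhost/spring-security-saml2-sample'],
  ['simplesamlphpexample_app', 'http://localhost/simplesamlphp-example/'],
]);

// Hypothetical helper: returns the mapped app URL, or null when the page URL
// does not carry a recognizable SSO URL for a known app. The return value
// always comes from the map, never from the request itself.
function resolveAppRedirect(pageHref, oktaOrigin, appUrls) {
  let ssoUrl;
  try {
    const params = new URL(pageHref).searchParams;
    // Like the answer's snippet, use the first query parameter whatever its
    // name; URLSearchParams has already percent-decoded the value.
    const first = params.entries().next();
    if (first.done) return null;
    // Resolving against oktaOrigin also accepts a relative SSO path.
    ssoUrl = new URL(first.value[1], oktaOrigin);
  } catch (e) {
    return null; // page URL or parameter value is not a parseable URL
  }
  // The SSO URL must point at the Okta org, not at an arbitrary host.
  if (ssoUrl.origin !== oktaOrigin) return null;
  // Expected path shape: /app/<app name>/<id>/sso/saml
  const segments = ssoUrl.pathname.split('/');
  if (segments[1] !== 'app' || !segments[2]) return null;
  // Map lookup: a name such as "__proto__" cannot match inherited properties.
  return appUrls.get(segments[2]) || null;
}

// Wiring into the success callback (widget calls as used in the answer):
//   var target = resolveAppRedirect(window.location.href, OKTA_ORIGIN, APP_URLS);
//   if (target) { res.session.setCookieAndRedirect(target); }
```

When the function returns null, the page should fall back to a fixed default destination rather than redirecting to anything derived from the query string.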