Hello, I have fewer than 100 agents, so I assume I qualify for enterprise features. I am attempting to set up the Sensu dashboard with the OKTA OIDC authentication method. After setting up Sensu for OKTA auth, I got this error:
{"message":"oauth2: cannot fetch token: 400 Bad Request\nResponse: {"error":"invalid_grant","error_description":"The authorization code is invalid or has expired."}","code":0}
- Tell us about your setup, this should include OS, version of Sensu, version of Sensu components (redis, rabbitmq), plugin versions (if applicable), anything special about your setup such as an airgapped network or strict ACLs.
Sensu version used (sensuctl, sensu-backend, and/or sensu-agent): sensu-backend/sensu web
sensu/web revision: 5.16.1
web revision 499558f
Installation method: rpm packages
Operating System and version: redhat 7.7
web is running on port 3000
API is running on port 8080
To set up the OIDC config, I used this YAML file:
type: oidc
api_version: authentication/v2
metadata:
  name: okta
spec:
  additional_scopes:
  - groups
  client_id: client_id
  client_secret: client_secret
  redirect_uri: https://mysensu.example:8080/api/enterprise/authentication/v2/oidc/callback
  server: https://myokta.okta.com
  groups_claim: groups
  groups_prefix: 'okta'
  username_claim: email
  username_prefix: 'okta'
In OKTA I have this URI set for the redirect URI: https://mysensu.example.local:8080/api/enterprise/authentication/v2/oidc/callback
Screenshot of applicable logs from OKTA:
- Is there a Github issue related to your issue? Yes
https://github.com/sensu/web/issues/232