400 Bad Request

  • Hello,

    I am trying to configure Okta authentication. I have an existing Okta account tied to my organization’s Active Directory system. My organization URL is https://wlu.okta.com. I added the base URI https://events.wlu.io and the login redirect URI to the appropriate sections in the Okta Developer Console. I generate a Client ID and Client Secret and inserted those values into the plugin. All appears to be good and the Okta login option appears on my /wp-admin and wp-login pages when not logged in. When I submit my credentials, however, I am returned a 400 error, with the following information.

    Identity Provider: Unknown
    Error Code: server_error
    Description: The requested feature is not enabled in this environment.

    Please provide guidance. I don’t know where to start.

    Thanks,
    Eric

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • @owsleye

    I had the same issue and I posted to the discussion my solution to your issue:

    https://developer.okta.com/blog/2018/10/30/wordpress-authentication-with-okta

    “Just wanted to add some points that might help others reading this article get your WP plugin to work.

    I was getting 400 errors when logging in.(Identity Provider: Unknown, Error Code: invalid_request, Description: The ‘redirect_uri’ parameter must be an absolute URI that is whitelisted in the client app settings.) Spent a bunch of time trying to debug this and turns out that the solution to avoid this error is to enter for Login redirect URI as: https://yourdomain.com/wp-l… and for the initiate login URI https://yourdomain.com/wp-l… (make sure these match. In your screenshot you have an ending / appended and when I added one I received the 400 error. I removed it and all worked as expected. I would also recommend readers go to (in Okta Dashboard > API > Trusted Origins and make sure the Redirect is set up correctly (this is automatically added when you create a web app but if you are experimenting they could get out of sync) Just double check that all URIs match EXACTLY.

    You also mention taking the env.example.php to env.php. To do this I suggest cloning the repo locally. Create a new env.php file in the root of the repo you just cloned. Copy your env.example.php code to your env.php code. Update your client id and secret in your new env.php. Save it. Then compress that local repo into a .zip file
    Then you can go to WordPress Dashboard > New Plugin and upload your zip file to WordPress. Click on Plugins to see the new Plugin and then activate it.

    That is all you need to do with the env.php file. You don’t need to use composure and download dotenv or anything. Aaron has all the code needed for the plugin to read the env.php inside the plugin.
    After reading the article and checking that you followed the steps I just outlined, you should be able to see the Okta Sign In widget when you visit, https://yourdomain.com/wp-l…
    Then enter your Okta username and password credentials and you will be taken to the WP dashboard.
    Please make sure you follow Aaron’s advice – “Make sure the email address on your Okta account matches the email address of your WordPress admin user, as that’s what will be used to match up Okta accounts to WordPress accounts.”

    Another suggestion is that in this article Everyone was assigned to the WP app. Maybe create a group called WP Admins and put all your admins in that group and then assign that group to your WP app.”

    Also if you have any questions on Okta integrations check this out: https://ironcovesolutions.com/technology/okta

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘400 Bad Request’ is closed to new replies.