Closed burimbd closed 5 months ago
This issue has been marked stale because there has been no activity within the last 14 days. To keep this issue active, remove the stale
label.
I just experienced this as well. Is there some instructions on how to use client application for authentication with the okta provider?
@tl24 as a workaround you can convert the pem private key you get from the Okta Admin dashboard to rsa format using openssl as follows:
openssl rsa -in <oktaDashboardPrivateKey.pem> -out <rsaKey.pem>
Change the file names to match yours. Hope this helps.
@burimbd Thanks! Exactly what I was looking for. Tried changing the text in the section headers, but no luck there.
This issue has been marked stale because there has been no activity within the last 14 days. To keep this issue active, remove the stale
label.
This issue has been marked stale because there has been no activity within the last 14 days. To keep this issue active, remove the stale
label.
@burimbd here is some information that you'll find useful about private key formats that we are working on for the terraform provider:
Check that the generated private key is in PKCS#1 encoding, the format required by the Okta Terraform provider. In that format, the file containing the private key begins with `-----BEGIN RSA PRIVATE KEY-----`. You can convert the key to the correct format using the OpenSSL command line program:
In a terminal, navigate to the file path where you saved the original private key.
Run the following command:
`openssl rsa -in {ORIGINAL_PRIVATE_KEY} -out {CONVERTED_PRIVATE_KEY}`
*ORIGINAL_PRIVATE_KEY*: The file containing the key generated earlier.
*CONVERTED_PRIVATE_KEY*: The file containing the converted key.
Note: The file containing the converted private key must begin with “-----BEGIN RSA PRIVATE KEY-----”. If not, try step two again.
Re-opned this. The okta-sdk-golang client should be smarter and try to interchange pkcs1 and pkcs8 formats imo: https://github.com/okta/okta-sdk-golang/blob/b145286aeae96f4e5173640a537769ded8342cc0/okta/requestExecutor.go#L237-L259 This keeps coming up in our Terraform discussions. cc: @duytiennguyen-okta @jefftaylor-okta
This issue has been marked stale because there has been no activity within the last 14 days. To keep this issue active, remove the stale
label.
Please keep this issue open. This is causing a lot of confusion with our developers as the expectation is Okta-generated keys should work as-is with Okta SDKs without a manual openssl conversion step.
+1 This is really surprising that Okta's own SDK can't handle the keys generated by their own admin portal.
Also, not sure what this PR is #407 since it's some template file but it seems to contain code for handling non-rsa keys.
Close this as it is fixed in the newer version of the SDK
Describe the bug?
When I generate a public/private key pair in the application page on the okta admin portal, the pem version of the generated Key is as follows:
-----BEGIN PRIVATE KEY----- redacted -----END PRIVATE KEY-----
However, the sdk expects the private key to be of the following format:-----BEGIN RSA PRIVATE KEY----- redacted -----END RSA PRIVATE KEY-----
This means that I cannot use a private key as generated from the portal. Given that the key is generated from okta and the sdk is built by okta, it would be nice if things worked together.Not sure where the change should be made.
What is expected to happen?
I expected to be able to use the keys as generated from the Okta admin portal.
What is the actual behavior?
keys generated from the okta admin portal fail with the error:
RSA private key is of the wrong type
Reproduction Steps?
RSA private key is of the wrong type
Additional Information?
No response
Golang Version
go version go1.19.3 linux/amd64
SDK Version
github.com/okta/okta-sdk-golang/v2 v2.14.0
OS version
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)" NAME="Debian GNU/Linux" VERSION_ID="11" VERSION="11 (bullseye)" VERSION_CODENAME=bullseye ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/"