okta / okta-signin-widget

HTML/CSS/JS widget that provides out-of-the-box authentication UX for your organization's apps

User is not getting landed into application page when using widget version 7 #3026

Open IlanJana opened 1 year ago

IlanJana commented 1 year ago

Describe the bug

I'm using a custom domain in my Okta org (abc.okta.com) with the Okta-hosted login model. When using widget version 7, I'm facing the below issues:

1) When a username is given in the main org (abc.okta.com) during IdP redirection to another org (def.okta.com) for authentication, the username is not getting populated automatically in the login page of the def.okta.com org.

2) When a user is trying to log in to any app in the org (abc.okta.com) without any active session, users who have an IdP rule configured are getting routed to the Okta dashboard rather than the actual application. For the same scenario, if the user already has a session, the user is logged into the app without any issues.

The above-mentioned issues are happening even with the default Okta code of the custom sign-in widget. (Both are classic engine tenants.)

What is expected to happen?

For scenario 1, the username should be populated automatically in the (def.okta.com) org login page.

For scenario 2, users should get landed into the target application even when the flow is initiated without any active session in the org (abc.okta.com).

What is the actual behavior?

For scenario 1, the username field is blank in the org (def.okta.com) even though it was given in the org (abc.okta.com) during login.

For scenario 2, users are getting landed in the Okta dashboard when the user has no active session in the tenant (abc.okta.com).

Reproduction Steps

1) Set up a custom domain with version 7 in a classic tenant.

2) Set up a routing rule to another classic tenant with the same widget version.

3) Try to log in to any app in the actual tenant with the default custom code.

4) After authentication, it will add the user in the Okta dashboard page.

SDK Versions

Okta sign-in widget version 7 (Okta hosted sign-in widget)

Execution Environment

Browser: Chrome

Language: JavaScript

Org2Org connection is done via SAML app

Additional Information?

No response

jaredperreault-okta commented 1 year ago

@IlanJana A breaking change included in the widget 7 release is that the default engine is no longer "classic". Widget 7 requires you to "opt in" to use the classic engine via the configuration useClassicEngine: true. Since you're using a custom domain, you'll be able to add this configuration to your widget via the editor in your admin console.

Docs: https://github.com/okta/okta-signin-widget#useclassicengine

IlanJana commented 1 year ago

@jaredperreault-okta Thanks for looking into it! Unfortunately, the same issue occurs with version 6 as well, which I hope will be considered as classic engine.

jaredperreault-okta commented 1 year ago

If you haven't already, you can try reaching out to https://support.okta.com/. They can help determine if this is a code issue (problem with the signin-widget) or an org configuration issue.