okta / terraform-provider-okta

A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
https://registry.terraform.io/providers/okta/okta
Mozilla Public License 2.0

Not able to disable "Authorize Requests" in OIDC IDP #1730

Open d02540315 opened 1 year ago

d02540315 commented 1 year ago

I have already specified "request_signature_scope" as NONE, but I'm not able to disable "Authorize Requests" for OIDC IDP. Enabling "Authorize Requests" causes issues with external IdP (e.g., DUO).

Terraform Version

terraform v1.4.6
okta provider v4.4.2

Affected Resource(s)

Terraform Configuration Files


d02540315 commented 1 year ago

There is a bug in my code. I managed to disable "Authorize Request" by setting request_signature_scope as "NONE". Please share any thoughts on enabling "Authorize Request" that would cause the IdP federation issue with DUO. I know that Okta is sending encrypted request parameters to external IdP when "Authorize Request" is enabled.

monde commented 1 year ago

@d02540315 can you open a support ticket at https://support.okta.com/? This will escalate your question about Okta's interaction with DUO. The TF provider / our team doesn't have this expertise, and the support channel is the best way to get this addressed.

monde commented 1 year ago

@exitcode0 I think unstale.yml is too aggressive: https://github.com/okta/terraform-provider-okta/blob/master/.github/workflows/unstale.yml. I put the waiting response label on this issue and want it to stay in place until I hear from @d02540315, so I'm inclined to ditch unstale.yml on the next release. Thoughts?

d02540315 commented 1 year ago

I will create a support case as @monde suggested. The issue is not specific to DUO, and it's with another external IdP (Idaptive) as well.

exitcode0 commented 1 year ago

> @exitcode0 I think unstale.yml is too aggressive: https://github.com/okta/terraform-provider-okta/blob/master/.github/workflows/unstale.yml. I put the waiting response label on this issue and want it to stay in place until I hear from @d02540315, so I'm inclined to ditch unstale.yml on the next release. Thoughts?

I'm happy with disabling it for now. Would filtering it to comment update actions only, and/or comment update actions by the issue author, resolve your concerns?

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Comment or this will be closed in 5 days

exitcode0 commented 1 year ago

@d02540315 any success with the Okta support case?