Okta 提供商 SSO 配置

¥Okta provider SSO configuration

本页面说明如何为单点登录 (SSO) 功能设置 Okta 提供商。

¥The present page explains how to setup the Okta provider for the Single Sign-On (SSO) feature.

Prerequisites

你已阅读如何配置 SSO 指南。

¥You have read the How to configure SSO guide.

安装

¥Installation

安装 passport-okta-oauth20:

¥Install passport-okta-oauth20:

yarn
npm

yarn add passport-okta-oauth20

npm install --save passport-okta-oauth20

配置示例

¥Configuration example

Okta SSO 提供程序在 config/admin 文件的 auth.providers 数组中配置：

¥The Okta SSO provider is configured in the auth.providers array of the config/admin file:

提醒

设置 OKTA_DOMAIN 环境变量时，请确保包含协议（例如 https://example.okta.com）。如果不这样做，你将陷入重定向循环。

¥When setting the OKTA_DOMAIN environment variable, make sure to include the protocol (e.g., https://example.okta.com). If you do not, you will end up in a redirect loop.

JavaScript
TypeScript

/config/admin.js

const OktaOAuth2Strategy = require("passport-okta-oauth20").Strategy;

module.exports = ({ env }) => ({
  auth: {
    // ...
    providers: [
      {
        uid: "okta",
        displayName: "Okta",
        icon: "https://www.okta.com/sites/default/files/Okta_Logo_BrightBlue_Medium-thumbnail.png",
        createStrategy: (strapi) =>
          new OktaOAuth2Strategy(
            {
              clientID: env("OKTA_CLIENT_ID"),
              clientSecret: env("OKTA_CLIENT_SECRET"),
              audience: env("OKTA_DOMAIN"),
              scope: ["openid", "email", "profile"],
              callbackURL:
                strapi.admin.services.passport.getStrategyCallbackURL("okta"),
            },
            (accessToken, refreshToken, profile, done) => {
              done(null, {
                email: profile.email,
                username: profile.username,
              });
            }
          ),
      },
    ],
  },
});

/config/admin.ts

import { Strategy as OktaOAuth2Strategy } from "passport-okta-oauth20";

export default ({ env }) => ({
  auth: {
    // ...
    providers: [
      {
        uid: "okta",
        displayName: "Okta",
        icon: "https://www.okta.com/sites/default/files/Okta_Logo_BrightBlue_Medium-thumbnail.png",
        createStrategy: (strapi) =>
          new OktaOAuth2Strategy(
            {
              clientID: env("OKTA_CLIENT_ID"),
              clientSecret: env("OKTA_CLIENT_SECRET"),
              audience: env("OKTA_DOMAIN"),
              scope: ["openid", "email", "profile"],
              callbackURL:
                strapi.admin.services.passport.getStrategyCallbackURL("okta"),
            },
            (accessToken, refreshToken, profile, done) => {
              done(null, {
                email: profile.email,
                username: profile.username,
              });
            }
          ),
      },
    ],
  },
});

安装​

配置示例​

安装

配置示例