Integrating OutSystems with LDAP interface of OKTA

Hi,
I'm trying to connect OutSystems with the LDAP interface exposed by OKTA (but it could be any other LDAP, as far as I understand).
We are doing this instead of the SAML SSO method because our product has a requirement not to show the SSO screen of OKTA during authentication and throw the user out of the app to an auth screen and back to the app again.

I've configured my interface as such:
Authentication: LDAP
LDAP URL: ldaps://my-okta-domain.okta.com:636/dc=my-okta-domain,dc=okta,dc=com
Use standard LDAP Selected,
Filter: (uid={0})
Manager DN - empty
Manager Password - empty
Username - user@mail.com format
Username and password are provided for a user who can sign in to OKTA with these credentials. Also, I can connect to this config via the ldapsearch util from Ubuntu bash.

When I'm testing the connection from the Users management interface, the test button gives two results -
1) Validating credentials - failed, Invalid Login
2) Synchronizing with LDAP - passed.


If I add Manager DN and Manager password to the previous set as
Manager DN: uid=user@mail.com,dc=my-okta-domain,dc=okta,dc=com
Manager Password: same as test username password

I get the following result:

1) Validating credentials - failed, The server is unavailable
2) Synchronizing with LDAP - failed, The server is unavailable
In ServiceCenter I see this error:


The server is unavailable.
at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at OutSystems.NssAuthentication.CssAuthentication.GetLdapConnection(String ssHostname, String ssUsername, String ssPassword)
at OutSystems.NssAuthentication.CssAuthentication.MssLDAP_Search_WithAuthenticationTypeAndLdapConnection(String ssUsername, String ssPassword, String ssPath, String ssFilter, Boolean ssFindOne, String ssFilterScope, Int32 ssMaxResults, String ssAuthenticationType, RLNodeRecordList& ssNodes)
at OutSystems.NssAuthentication.CssAuthentication.MssLDAP_Search_WithAuthenticationType(String ssUsername, String ssPassword, String ssPath, String ssFilter, Boolean ssFindOne, String ssFilterScope, Int32 ssMaxResults, String ssAuthenticationType, Boolean ssFallbackLdapConnection, RLNodeRecordList& ssNodes)
at ssUsers.RssExtensionAuthentication.MssLDAP_Search_WithAuthenticationType(HeContext heContext, String inParamUsername, String inParamPassword, String inParamPath, String inParamFilter, Boolean inParamFindOne, String inParamFilterScope, Int32 inParamMaxResults, String inParamAuthenticationType, Boolean inParamFallbackLdapConnection, RecordList& outParamNodes)


I've tried a number of different permutations of these fields, but can't seem to make this thing work. Any advice?

I started to dig into the Users module, and at this point I almost want to decompile the dll for authentication, as I can't wrap my head around what I am doing wrong.

P.S. this is a mobile app (not PWA)