Configuring Okta on HCL Discover

  • On Chrome and Edge browsers, Okta is supported only when the Portal website uses SSL.
  • On the Firefox browser, Okta is supported on both SSL and non-SSL Portal websites.
  • Use a valid certificate. Do not use the IIS Developer certificate.
  • Okta is not supported on Docker or SoFy environments.
The scenarios for configuration of Okta are as follows:

Upgrading to 12.1.12

Before you begin

Back up all files before you modify them. These changes apply only to the Portal/Report server.

Procedure

  1. Navigate to the <Discover_Installed_Dir>\Portal\WebApp location and open the Web.config file.
  2. Within the AppSettings section, add the following new key to continue with DB/NT Authentication:
    <add key="owin:AutomaticAppStartup" value="false" />
  3. Restart all services of Portal/Report server.

Upgrading to 12.1.12 and Setting Authentication Mode to Okta

Before you begin

Back up all files before you modify them. These changes apply only to the Portal/Report server.

Procedure

  1. In ReportConfig.exe, select OKTA for Authentication Method.
  2. Navigate to the <Discover_Installed_Dir>\Portal\WebApp location and make the following changes in the Web.config file.
    1. Within the AppSettings section, configure the following settings:
      Note: The following settings are case-sensitive and must exactly match the configuration on your organization-specific Okta website.
      <add key="okta:OktaDomain" value="https://xxxxxxx.okta.com/"/>
      <add key="okta:AuthorizationServerId" value="default" />
      <add key="okta:ClientId" value="xxxxxxxxx" />
      <add key="okta:ClientSecret" value="xxxxxxxx" />
      <add key="okta:RedirectUri" value="https://<Domain_Name>/Portal/authorization-code/callback"/>     
      <add key="okta:PostLogoutRedirectUri" value="https://<Domain_Name>/Portal/SignOut.aspx"/>
      <add key="autoFormsAuthentication" value="false"/>
      <add key="enableSimpleMembership" value="false"/>
      <add key="aspnet:SuppressSameSiteNone" value="true" /> 
    2. Comment out the machineKey section.
      <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="Auto"/>
    3. TargetFramework must be version 4.7.2 or above. The version should match the installed OKTA version and should be selected in Server Manager's roles.
      <compilation debug="false" targetFramework="4.7">
    4. Comment out the authorization section.
      <authorization>
      	<deny users="?"/>
      </authorization>
    5. Add the following libraries within the Runtime → assemblyBinding section.
      <dependentAssembly>
      	<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="13.0.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-6.30.1.0" newVersion="6.30.1.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-6.30.1.0" newVersion="6.30.1.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="Okta.AspNet.Abstractions" publicKeyToken="a5a8152428dc4790" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-6.30.1.0" newVersion="6.30.1.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-6.30.1.0" newVersion="6.30.1.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="IdentityModel" publicKeyToken="e7877f4675df049f" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-6.1.0.0" newVersion="6.1.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="System.Text.Json" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="System.Text.Encodings.Web" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2"/>
      </dependentAssembly>
      <dependentAssembly>
      	<assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
      	<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0"/>
      </dependentAssembly>
    6. Within the Authentication mode ="Form" section, change the loginUrl value from Default.aspx to Login.aspx.
    7. If you have completed Upgrading to 12.1.12, comment out the following line:
      <add key="owin:AutomaticAppStartup" value="false" />
  3. Restart all services of Portal/Report server.
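
The following PowerShell check is an added example, not part of the HCL documentation: it reads a Web.config and reports which of the Okta steps above are still unapplied. The function name Test-OktaWebConfig and all sample values are hypothetical, and the https:// check is an assumption based on the URLs shown in step 2.1.

```powershell
# Added example: read-only lint of a Web.config against the Okta steps above.
function Test-OktaWebConfig {
    param([Parameter(Mandatory)][xml]$Config)
    # Case-sensitive lookup, because the page states the settings are case-sensitive.
    $s = [hashtable]::new([StringComparer]::Ordinal)
    foreach ($a in $Config.SelectNodes('/configuration/appSettings/add')) {
        $s[$a.GetAttribute('key')] = $a.GetAttribute('value')
    }
    $f = @()
    foreach ($k in 'OktaDomain','AuthorizationServerId','ClientId','ClientSecret','RedirectUri','PostLogoutRedirectUri') {
        $v = $s["okta:$k"]
        if (-not $v -or $v -match 'xxxx|<Domain_Name>') { $f += "okta:$k is missing or still a placeholder" }
    }
    foreach ($k in 'okta:OktaDomain','okta:RedirectUri','okta:PostLogoutRedirectUri') {
        if ($s[$k] -and $s[$k] -notmatch '^https://') { $f += "$k is not an https:// URL" }
    }
    $want = @{ 'autoFormsAuthentication'='false'; 'enableSimpleMembership'='false'; 'aspnet:SuppressSameSiteNone'='true' }
    foreach ($k in $want.Keys) {
        if ($s[$k] -ne $want[$k]) { $f += "$k should be '$($want[$k])'" }
    }
    if ($s['owin:AutomaticAppStartup'] -eq 'false') { $f += 'owin:AutomaticAppStartup=false is still active (step 2.7)' }
    if ($Config.SelectSingleNode('//machineKey')) { $f += 'machineKey is not commented out (step 2.2)' }
    if ($Config.SelectSingleNode("//system.web/authorization/deny[@users='?']")) { $f += 'authorization section is not commented out (step 2.4)' }
    $tf = $Config.SelectSingleNode('//compilation/@targetFramework')
    if (-not $tf -or [version]$tf.Value -lt [version]'4.7.2') { $f += 'targetFramework is below 4.7.2 (step 2.3)' }
    $forms = $Config.SelectSingleNode('//authentication/forms')
    if (-not $forms -or $forms.GetAttribute('loginUrl') -notlike '*Login.aspx') { $f += 'loginUrl does not point to Login.aspx (step 2.6)' }
    $f
}
# Constructed sample with two deliberate mistakes: old targetFramework, owin key left active.
[xml]$sample = @'
<configuration><appSettings>
  <add key="okta:OktaDomain" value="https://example.okta.com/" />
  <add key="okta:AuthorizationServerId" value="default" />
  <add key="okta:ClientId" value="constructed-client-id" />
  <add key="okta:ClientSecret" value="constructed-client-secret" />
  <add key="okta:RedirectUri" value="https://portal.example.com/Portal/authorization-code/callback" />
  <add key="okta:PostLogoutRedirectUri" value="https://portal.example.com/Portal/SignOut.aspx" />
  <add key="autoFormsAuthentication" value="false" />
  <add key="enableSimpleMembership" value="false" />
  <add key="aspnet:SuppressSameSiteNone" value="true" />
  <add key="owin:AutomaticAppStartup" value="false" />
</appSettings><system.web>
  <compilation debug="false" targetFramework="4.7" />
  <authentication mode="Forms"><forms loginUrl="Login.aspx" /></authentication>
</system.web></configuration>
'@
Test-OktaWebConfig -Config $sample
```

To check the real file, pass ([xml](Get-Content '<Discover_Installed_Dir>\Portal\WebApp\Web.config' -Raw)) as -Config; the function only reads the document and changes nothing.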

Changing Authentication Mode back to DB (3DES) from Okta

Before you begin

Back up all files before you modify them. These changes apply only to the Portal/Report server.

Procedure

  1. In ReportConfig.exe, select 3DES for Authentication Method.
  2. Navigate to the <Discover_Installed_Dir>\Portal\WebApp location and make the following changes in the Web.config file.
    1. Uncomment the machineKey section.
      <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="Auto"/>
    2. Uncomment the authorization section.
      <authorization>
      	<deny users="?"/>
      </authorization>
    3. Within the Authentication mode ="Form" section, change the loginUrl value from Login.aspx to Default.aspx.
    4. Within the AppSettings section, add the following new key to continue with DB/NT Authentication:
      <add key="owin:AutomaticAppStartup" value="false" />
  3. Restart all services of Portal/Report server.