Authentication policy with okta is not working

Aparna_Saripaka · December 9, 2019, 12:56pm

Hi We are using aws -> istio -> okta for authentication. we configured our services with aws and istio. Wanted to apply OKTA authtication policy i.e, JWT verification similar to auth0. Even if we applied the policy, requests are not getting authenticated.

Below is the configuration
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
name: ingressgateway-policy
namespace: test
spec:
targets:

name: studio-beffe
peers:
mtls: {}
origins:
jwt:
audiences:
- “api://default”
  issuer: “https://{okta-url}/oauth2/default”
  jwksUri: “https://{okta-url}oauth2/default/v1/keys”
  principalBinding: USE_ORIGIN

Let us know if we miss anything or anything needs to be changed?

liminwang · December 13, 2019, 2:18am

Policy looks correct to me. Did you take a look at operation guide https://istio.io/docs/ops/common-problems/security-issues/#end-user-authentication-fails ?

Topic		Replies	Views
AuthorizationPolicy requestPrincipals looks not working from Okta & ALB issued JWT Security	0	695	October 11, 2022
Istio JWT authentication does not seem to be working Security	7	5739	January 27, 2021
JWT Policy does not take affect! Policies and Telemetry	24	5735	February 26, 2020
Istio, jwts in cookies... how?	1	1277	October 4, 2023
Need assistance on End User Authentication Policy and Envoy Filter Security	0	233	September 24, 2023

Authentication policy with okta is not working

Related topics