I'm having trouble with the SAML2Bearer authentication method. I'm trying to perform SAML2Bearer authentication and retrieve an access token, but I'm unable to do so even after referring to this link (https://developer.genesys.cloud/authorization/platform-auth/use-saml2-bearer).
I'm using Okta as the IdP, and GenesysCloud is registered with Okta. I have also registered the integration details between Okta and GenesysCloud, and I have confirmed that login through SSO is possible.
Objective:
I want to use the SAML2Bearer authentication method provided by GenesysCloud and obtain an access token.
Questions:
I would like to know how to obtain the assertion information, which is a parameter for SAML2Bearer, as mentioned in the above link.
grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=
What I have investigated and done:
I generated a SamlRequest for GenesysCloud and sent it to Okta, but I received an error. When I created a separate SP and registered it with Okta, I was able to receive the SamlResponse (assertion) successfully.
I tried sending a SAML2Bearer authentication request to https://login.mypurecloud.jp/oauth/token using the assertion returned from the custom SP in step 1 as a parameter, but it resulted in an error. I also made sure to encode it in Base64.
4. When I send the SamlResponse assertion, which is issued when clicking on the Okta image link on the GenesysCloud login page, to https://login.mypurecloud.jp/oauth/token, I receive a 400 error with "error": "invalid_request".
The question is, what request do I throw to Okta to authenticate?
I am not getting a SamlResponse back from Okta, which is SSO linked to GenesysCloud.
With SPs other than GenesysCloud, SamlResponse is returned from Okta, but with GenesysCloud, an error occurs.
I would like to know just what SamlRequest to throw to Okta.
I'm not an API/SSO expert, but just to make sure, Motoori-san, did you follow Tim's comment that says "and which also links to the Okta documentation for how to configure the okta side", including the "Okta App" section pointed to by GitHub - MyPureCloud/saml2bearer-oauth-example? Let's also see what Tim would have to say. Thanks,
Regarding Tim's comment, "Also see the readme in the repo in the Okta App section that links to the Genesys Cloud documentation for details about how to configure the Genesys Cloud side and which also links to the Okta documentation for how to configure the Okta side," I am aware of this. I followed the instructions in the documentation while registering. Multiple times.
SSO between GenesysCloud and Okta is successful, but the Saml2Bearer authentication is failing.