OKTA Redirect Error using OIDC Provisioner


If you're generating certificates with an OKTA OIDC Provisioner in Smallstep, you might see the following error from OKTA in the browser after you run the step CLI command.

Your request resulted in an error. The 'redirect_uri' parameter must be a Login redirect URI in the client app settings

In this case, OKTA requires the Sign-in redirect URI of the Smallstep OIDC application to include the port on which the step CLI listens for the OIDC callback. A common URI would be 127.0.0.1:10000.

Here are two options to resolve this (assuming your redirect port is 10000):

  • Dashboard - In the Dashboard for your OIDC Provisioner, click edit and go to Advanced Settings. Set the Listen Address (optional) field to a colon followed by the port configured in OKTA (for example, :10000).

  • Step CLI (Command Line) - Add STEP_LISTEN=:10000 in front of your step ca certificate command (if 10000 is the port you specified in your OKTA Smallstep OIDC settings).

    • Example: STEP_LISTEN=:10000 step ca certificate myservice --san myservice.internal.mycompany.net myservice.crt myservice.key --not-after 24h
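As an added example (not Smallstep's or OKTA's own tooling), the shell helper below derives the STEP_LISTEN value from the Sign-in redirect URI configured in OKTA, so the port step listens on is always the one OKTA redirects to. The function names, the constructed sample URIs and the loopback-host check are my own assumptions.

```shell
# Constructed helper (not part of Smallstep or OKTA): derive STEP_LISTEN from
# the Sign-in redirect URI configured for the Smallstep OIDC app in OKTA, so the
# local callback listener that step starts uses the port OKTA redirects to.

# Print ":<port>" for a redirect URI such as http://127.0.0.1:10000 (a bare
# 127.0.0.1:10000 without scheme also works); fail if no port can be extracted.
listen_from_redirect_uri() {
  uri="$1"
  hostport="${uri#*://}"        # strip optional scheme
  hostport="${hostport%%/*}"    # strip any path
  host="${hostport%%:*}"
  port="${hostport##*:}"
  # A missing port shows up as port == hostport (no colon at all).
  if [ -z "$port" ] || [ "$port" = "$hostport" ]; then
    echo "no port in redirect URI: $uri" >&2
    return 1
  fi
  case "$port" in
    *[!0-9]*) echo "non-numeric port in redirect URI: $uri" >&2; return 1 ;;
  esac
  # Assumption: the OIDC callback listener runs on the machine where step runs,
  # so only a loopback host is accepted here (IPv6 literals are not handled).
  case "$host" in
    127.0.0.1|localhost) ;;
    *) echo "redirect URI host is not loopback: $host" >&2; return 1 ;;
  esac
  printf ':%s\n' "$port"
}

# Run the article's command with STEP_LISTEN derived from the redirect URI.
# Assumes the step CLI is on PATH. Example call (constructed):
#   issue_cert_with_okta_redirect http://127.0.0.1:10000 myservice \
#     --san myservice.internal.mycompany.net myservice.crt myservice.key --not-after 24h
issue_cert_with_okta_redirect() {
  uri="$1"; shift
  listen="$(listen_from_redirect_uri "$uri")" || return 1
  STEP_LISTEN="$listen" step ca certificate "$@"
}
```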
