Okta base_url deprecated - problematic for European Okta customers

[hrzbrg]

Hi, we are experiencing problems with Vault as a European Okta customer. Our base_url is okta-emea.com and not okta.com. I believe in the past it was possible to configure the base_url, but that config seems to be ignored now.

Environment:

• Vault Version: 0.8.2
• Operating System/Architecture: macOS 10.12.6

Expected Behavior:

vault write auth/okta/config base_url="okta-emea.com" org_name="acmecorp" api_token="xxxxx"`
vault auth -method=okta username=a.non
#
#
#
Successful Login...

Actual Behavior:

* Okta auth failed: Post https://acmecorp.okta.com/api/v1/authn: x509: certificate is valid for *.okta.com, okta.com, not acmecorp.okta-emea.com.okta.com

Steps to Reproduce:

See steps in Expected Behavior

[chrishoffman]

Do you happen to know what base URL you use for testing? Is it a oktapreview.com URL?

[hrzbrg]

No, we don't have one of these.

[jefferai]

Hi @hrzbrg -- We'll have a fix for this in 0.8.3, which will be next week. In the meantime, if you want, you can build against the linked PR or, once it's merged, master.