terraform-provider-okta: Unable to set App Logo for SAML apps

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave “+1” or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.14.10

Okta Provider built from https://github.com/okta/terraform-provider-okta/commit/56e5b6be7bfcd6a1ad54e9b8644664b4635e8403

Affected Resource(s)

  • okta_app_saml

Terraform Configuration Files

resource "okta_app_saml" "this" {
  label                    = var.label
  sso_url                  = "https://${var.fqdn}/saml2_auth/acs/"
  recipient                = "https://${var.fqdn}/saml2_auth/acs/"
  destination              = "https://${var.fqdn}/saml2_auth/acs/"
  audience                 = "https://${var.fqdn}/saml2_auth/acs/"
  subject_name_id_template = "$${user.userName}"
  subject_name_id_format   = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
  response_signed          = true
  assertion_signed         = true
  signature_algorithm      = "RSA_SHA256"
  digest_algorithm         = "SHA256"
  honor_force_authn        = true
  authn_context_class_ref  = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
  logo                     = var.logo_filename
  hide_web                 = false
}

Debug Output

{
 "errorCode": "App instance has no login link to set logo for",
 "errorSummary": null,
 "errorLink": "App instance has no login link to set logo for",
 "errorId": "oaelxekIJNkQF6DVVUzjyORsQ",
 "errorCauses": []
}

Expected Behavior

App logo should have been uploaded and created

Actual Behavior

Error due to missing App login link which doesn’t appear to be configurable.

Steps to Reproduce

  1. terraform apply

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 15
  • Comments: 29 (17 by maintainers)

Most upvoted comments

UPDATE: @fatbasstard @joshowen @virgofx @miguelpuiggarcia @sklarsa @guillaumelecerf @ReeceWilliams7 @gavinbunney

The feature team responsible for the endpoint where app logos are uploaded to has fixed this bug. However, the fix won’t be released to production until mid-November given the way releases are proved and promoted within Okta.

@miguelpuiggarcia I’ve pinged the feature team responsible for this part of the Okta API and am trying to get it into an upcoming sprint.

@guillaumelecerf @sklarsa I’m looking to see when this will be prioritized by the corresponding internal feature team. I will post an update when I find out new information.

Okta internal escalation: OKTA-439102 /cc @fatbasstard @joshowen .

FWIW the terraform provider is calling this API endpoint for logo uploads: POST /api/v1/apps/${applicationId}/logo

The feature team responsible for that Okta API endpoint is now looking for a fix in its current sprint.

@joshowen @gavinbunney there is a known bug where the application icon is able to be updated in the Okta UI but not via the API. It is on the backlog of the responsible team. I will monitor the issue on our end and provide updates here.

Internal reference: OKTA-373430

Sweet, can confirm it works here too now! 🎉

Another “manual” action removed, long live automation!

@fatbasstard yes, this issue will stay open until it’s resolved.

@fatbasstard the bug is still on the responsible team’s backlog but has not been triaged yet. I’ll reference this discussion to illustrate importance.

This also happens for OIDC apps as well 😦 Only bookmark apps I’ve managed to successfully create from scratch and set a logo.

resource "okta_app_oauth" "blender" {
  ... # cut for brevity
  logo = "${path.module}/../../assets/app.png"
}

HTTP/2.0 400 Bad Request
X-Okta-Request-Id: YNZeiP8g0f23eEUn-RMb-AAAB9w
{
 "errorCode": "App instance has no login link to set logo for",
 "errorSummary": null,
 "errorLink": "App instance has no login link to set logo for",
 "errorId": "oaeFYHIGbAfTqSks91vg3Q-tA",
 "errorCauses": []
}

@fatbasstard @joshowen @virgofx @miguelpuiggarcia @sklarsa @guillaumelecerf @ReeceWilliams7 @gavinbunney I’ve tested logo on two different *.oktapreview.com orgs and it worked! Could you please try to set logos in your orgs?

Hi @bogdanprodan-okta - funnily enough I tested this on our preview instance yesterday and meant to update on here. Pleased to report it worked. Thanks for your help (and @monde) in getting this prioritised on your side - much appreciated!

Hi @monde,

Back to the “question of the month”: Any update?

I’ve also created a case now (referring to this issue and the internal reference you’ve provided earlier) in the hope that it might speed up a bit.

@fatbasstard I’m using our internal process to escalate the issue with the responsible feature team.

Hi, @joshowen @gavinbunney The error you are getting in the response is from the Okta API itself, not the terraform itself. I’m not sure what is the root cause of this bug, but I’ll ask the team responsible for this functionality.