That’s likely all you need, though I believe the client secret is shared between Apache and OKTA, so you’ve got to be sure you set everything up right in OKTA.
I assume you’re getting some errors? If you attach the httpd/apache2 error logs I can help diagnose the issue.
"
[Fri May 23 06:01:35.791873 2025] [auth_openidc:error] [pid 2840643:tid 139786715113216] [client 10.112.149.20:50812] oidc_check_userid_openidc: configuration error: the authentication type is set to “openid-connect” but OIDCRedirectURI has not been set
"
OK - maybe it’s as simple as bouncing httpd/apache2. If you restart httpd/apache2 we should be writing a new .conf file based on what you’ve provided in the .yml file you’ve displayed above.
Once you bounce httpd/apache2, look for the ood-portal.conf file in its /etc directory to verify that it has directives like OIDCRedirectURI.
The parameter to set in ood_portal.yml is oidc_uri, not oidc_redirect_uri.
That parameter maps to OIDCRedirectURI in the generated ood-portal.conf, so this mismatch is a little confusing; we made the same mistake at first, even though it’s in the documentation.
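The check discussed in this thread, written as a script. This is an added example, not part of the original posts and not Open OnDemand project code: it flags the mistyped `oidc_redirect_uri` key in the YAML file and a generated config that sets `AuthType openid-connect` without `OIDCRedirectURI`. Both file paths are passed as arguments, and the sample file contents and the `ondemand.example.org` host are constructed.

```shell
#!/usr/bin/env bash
# Added example (not Open OnDemand project code).
# check_oidc_redirect YAML CONF
#   returns 0: settings are consistent
#   returns 1: YAML uses oidc_redirect_uri instead of oidc_uri
#   returns 2: CONF requires openid-connect but has no OIDCRedirectURI
check_oidc_redirect() {
  local yml="$1" conf="$2"
  # Patterns allow only leading whitespace, so commented-out lines are ignored.
  if grep -Eq '^[[:space:]]*oidc_redirect_uri[[:space:]]*:' "$yml"; then
    echo "FAIL: $yml sets oidc_redirect_uri; the key is oidc_uri" >&2
    return 1
  fi
  # Apache directive names are case-insensitive, hence -i.
  if grep -Eiq '^[[:space:]]*AuthType[[:space:]]+"?openid-connect' "$conf" &&
     ! grep -Eiq '^[[:space:]]*OIDCRedirectURI[[:space:]]+[^[:space:]]' "$conf"; then
    echo "FAIL: $conf uses AuthType openid-connect without OIDCRedirectURI" >&2
    echo "      (stale file? restart httpd/apache2 so it is regenerated)" >&2
    return 2
  fi
  echo "OK: OIDC redirect settings are consistent"
}

# Constructed sample inputs for trying the check without touching /etc.
make_samples() {
  local dir="$1"
  printf 'oidc_redirect_uri: "/oidc"\n' > "$dir/bad.yml"
  printf 'oidc_uri: "/oidc"\n' > "$dir/good.yml"
  printf '<Location "/">\n  AuthType openid-connect\n</Location>\n' \
    > "$dir/stale.conf"
  printf 'OIDCRedirectURI https://ondemand.example.org/oidc\n' > "$dir/good.conf"
  printf '<Location "/">\n  AuthType openid-connect\n</Location>\n' \
    >> "$dir/good.conf"
}

# Run against real files only when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
  check_oidc_redirect "$1" "$2"
fi
```

Run it with the path to your ood_portal.yml and the path to the generated ood-portal.conf after restarting httpd/apache2.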