okta-spring-boot | Okta Spring Boot Starter | Security library
kandi X-RAY | okta-spring-boot Summary
Okta Spring Boot Starter
Top functions reviewed by kandi - BETA
- Called by the application
- Creates a RestTemplate
- Creates the parameters from the given authentication exception .
- Factory method for creating ReactiveAuthenticationManager
- Decorate user .
- Validates target .
- Checks if the issuer is a root organization .
- Loads a yaml configuration file .
- Creates custom HTTP proxy .
- Converts Spring security properties to Spring security application .
Community Discussions
Trending Discussions on okta-spring-boot
QUESTION
I have upgraded our Spring Boot apps from using okta-spring-boot-starter v0.61 to v2.1.1
The microservices are now always throwing:
...ANSWER
Answered 2021-Oct-21 at 23:51
A lot changed between those versions. The biggest was Spring Security's OAuth support (which the Okta lib sits on top of). Make sure you don't have the old Spring Sec lib on your classpath: spring-security-oauth.
The related migration guide might help you too (depending on what you are doing).
From here there are two things to configure:
- Your config properties (those should remain the same: okta.oauth2.*)
- Configuring the resource server.
For the last one, all that's left is to use the new Spring Security API to configure a resource server:
QUESTION
I have this repo: https://github.com/oktadeveloper/okta-spring-boot-saml-example . After the user logs in at the identity provider (Okta, Azure AD, ...), the user can access the website.
The flow is:
- The website requests a SAML assertion
- The user logs in with user and password
- The identity provider returns a SAML assertion
- The server makes a POST request to /saml/sso with the SAML assertion to do authentication
But I have a question: how do I get the SAML assertion from ReactJS and send the SAML assertion to Spring Boot to get an access token?
Thank you for reading!
...ANSWER
Answered 2021-Mar-01 at 08:18
The SAML bearer assertion flow of OAuth does help in fetching an OAuth token (access-token) using a SAML Assertion as described here: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-token-exchange-saml-oauth
QUESTION
I have set up an application and authorization server on Okta. I have added two groups, namely admin and users. The authentication flow is working fine, but when I try to print the roles, I am getting the output as below:
[SCOPE_address, SCOPE_phone, SCOPE_offline_access, SCOPE_openid, ROLE_USER, SCOPE_email, SCOPE_profile]
The Java code to print the roles is as below:
...ANSWER
Answered 2021-Jan-21 at 20:35
Take a look at the "Authorization Server" section in the blog post you mentioned:
https://developer.okta.com/blog/2017/10/13/okta-groups-spring-security#authorization-server
The post used an older version of these libraries, but make sure you have the "groups" claim defined. You likely need to set the "include in token type" value to "both" (or follow the same steps to create one for the "ID Token" as well).
This post likely predated OIDC support in Spring Security.
Keep us posted, if that was the issue I'll tweak the post to mention that.
If that doesn't help, use the "Token Preview" tab on the "Authorization Server" configuration page in your Okta Admin/Developer Console. You should see a "groups" claim listed, once everything is configured correctly.
Update (answering other questions):
ID Token vs Access Token claims: This gets into the weeds a bit related to the OAuth 2.0 and OIDC specs. But the TL;DR is older versions of Spring Security used OAuth 2.0 and Access Tokens, newer versions can use OIDC and ID Tokens.
There are other flows that would use Access Tokens too. For a more detailed description of the differences between the two and which flows use which tokens, check out the Okta Dev YouTube Channel.
This one was my fault, I misremembered this page. You can just create the claim for both token types.
It uses the names that are in the group; if you want it to use ROLE_ADMIN instead, you can create an Okta group with that name.
QUESTION
I'm using this Okta Spring Boot starter, but I cannot disable the auto configuration for integration testing. Normally, you would do something like this:
...ANSWER
Answered 2020-Aug-04 at 17:21
You should be able to mock things so OIDC discovery can happen. I show how to do it for a JHipster app in this blog post. Since you're using the Okta Spring Boot starter, I'm guessing you can do something like this.
- Create a TestSecurityConfiguration.java class.
QUESTION
I have been exploring APIgee and okta configuration using the https://github.com/tom-smith-okta/okta-api-center repo. Here APIgee edge acts as a gateway to the https://okta-solar-system.herokuapp.com/ APIs, and the token for authentication is generated via okta. My understanding is that https://okta-solar-system.herokuapp.com/ doesn't have any okta authentication enforcement. The check is via apigee.
If I were to replace https://okta-solar-system.herokuapp.com/ with a spring boot application hosted publicly, should the application have okta security enabled (e.g. https://github.com/oktadeveloper/okta-spring-boot-oauth-example), or should I follow the same procedure as above and delegate enforcement of the token to apigee, without any security enforcement on the spring boot application?
Can someone tell me what is the standard way of implementation I should follow?
...ANSWER
Answered 2020-Jul-25 at 16:55
If the spring boot application has no enforcement of security, what is to prevent someone from bypassing the Apigee API gateway and calling it directly?
If you have successfully managed to secure the spring boot application so that only the API gateway can communicate with it (via mutual TLS connection, IP allow listing, etc), you might be able to forego any enforcement at the service level, but I would recommend doing some authorization checks in the service itself.
QUESTION
I try building a minimal openid secured cloud environment. Following more or less https://developer.okta.com/blog/2019/08/28/reactive-microservices-spring-cloud-gateway .
I have a spring cloud gateway, a consul registry, an application registered on okta and a simple test app with just one controller returning a string. Both the gateway and the test application depend on 'com.okta.spring', name: 'okta-spring-boot-starter', version: '1.4.0'.
The gateway is configured like so (skipping ssl here for brevity):
...ANSWER
Answered 2020-Apr-06 at 13:49
It turned out, the solution is to remove the cookie header from the downstream request. This can be achieved by adding another default filter to the gateway:
QUESTION
Error
APPLICATION FAILED TO START
Description:
...ANSWER
Answered 2020-Feb-17 at 10:10
Please clean your gradle.build file of hibernate dependencies, spring-jdbc and spring-orm, as spring-boot-starter-jpa has hibernate as a transitive dependency.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install okta-spring-boot
Create a Spring Boot application with [Spring initializr](https://start.spring.io/):

```bash
curl https://start.spring.io/starter.tgz -d dependencies=web,okta -d baseDir=<<yourProjectName>> | tar -xzvf -
cd <<yourProjectName>>
```

Configure it with [Okta CLI](https://github.com/oktadeveloper/okta-cli/blob/master/README.md):

```bash
okta apps create
```

Run it:

```bash
./mvnw spring-boot:run
```