kandi X-RAY | okta-spring-boot Summary
Okta Spring Boot Starter
Top functions reviewed by kandi - BETA
- Called by the application
- Creates a RestTemplate
- Creates the parameters from the given authentication exception.
- Factory method for creating ReactiveAuthenticationManager
- Decorate user.
- Validates target.
- Checks if the issuer is a root organization.
- Loads a yaml configuration file.
- Creates custom HTTP proxy.
- Converts Spring security properties to Spring security application .
Trending Discussions on okta-spring-boot
I have upgraded our Spring Boot apps from using okta-spring-boot-starter v0.61 to v2.1.1
The microservices are now always throwing:...
ANSWER
Answered 2021-Oct-21 at 23:51
A lot changed between those versions. The biggest of which was Spring Security's OAuth support (which the Okta lib sits on top of). Make sure you don't have the old Spring Sec lib on your classpath.
The related migration guide might help you too (depending on what you are doing).
From here there are two things to configure:
- Your config properties (those should remain the same)
- Configuring the resource server.
For the last one, all that's left is to use the new Spring Security API to configure a resource server:
I have this repo: https://github.com/oktadeveloper/okta-spring-boot-saml-example. After the user logs in at the identity provider (okta, azure AD,...), the user can access the website.
- website request SAML assertion
- user login with user and password
- identity provider return SAML assertion
- server make a post request to /saml/sso with SAML assertion to do authentication
But I have a question: how do I get the SAML assertion from ReactJS and send the SAML assertion to springboot to get an access token?
Thank you for reading!...
ANSWER
Answered 2021-Mar-01 at 08:18
The SAML bearer assertion flow of OAuth does help in fetching an OAuth token (access-token) using a SAML Assertion as described here: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-token-exchange-saml-oauth
I have setup application and authorization server on Okta. I have added two groups, namely
users. The authentication flow is working fine but when I try to print the roles, I am getting the output as below
[SCOPE_address, SCOPE_phone, SCOPE_offline_access, SCOPE_openid, ROLE_USER, SCOPE_email, SCOPE_profile]
The Java code to print the roles is as below:...
ANSWER
Answered 2021-Jan-21 at 20:35
Take a look at the "Authorization Server" section in the blog post you mentioned:
The post used an older version of these libraries, but make sure you have the "groups" claim defined. You likely need to set the "include in token type" value to "both" (or follow the same steps to create one for the "ID Token" as well).
This post likely predated OIDC support in Spring Security.
Keep us posted, if that was the issue I'll tweak the post to mention that.
If that doesn't help, use the "Token Preview" tab on the "Authorization Server" configuration page in your Okta Admin/Developer Console. You should see a "groups" claim listed, once everything is configured correctly.
Update (answering other questions):
ID Token vs Access Token claims: This gets into the weeds a bit related to the OAuth 2.0 and OIDC specs. But the TL;DR is older versions of Spring Security used OAuth 2.0 and Access Tokens, newer versions can use OIDC and ID Tokens.
There are other flows that would use Access Tokens too, for a more detailed description on the differences between the two and which flows use which tokens, check out the Okta Dev YouTube Channel.
This one was my fault, I misremembered this page. You can just create the claim for both token types.
It uses the names that are in group, if you want it to use ROLE_ADMIN instead you can create an Okta group with that name.
I'm using this Okta Spring Boot starter, but I cannot disable the auto configuration for integration testing. Normally, you would do something like this:...
ANSWER
Answered 2020-Aug-04 at 17:21
You should be able to mock things so OIDC discovery can happen. I show how to do it for a JHipster app in this blog post. Since you're using the Okta Spring Boot starter, I'm guessing you can do something like this.
- Create a
I have been exploring APIgee and okta configuration using the https://github.com/tom-smith-okta/okta-api-center repo. Here APIgee edge acts as a gateway to the https://okta-solar-system.herokuapp.com/ APIs and the token for authentication is generated via okta. My understanding is that https://okta-solar-system.herokuapp.com/ doesn't have any okta authentication enforcement. The check is via apigee.
If I were to replace https://okta-solar-system.herokuapp.com/ with a spring boot application hosted publicly, should the application have okta security enabled (e.g.: https://github.com/oktadeveloper/okta-spring-boot-oauth-example) or should I follow the same procedure as above and delegate enforcement of the token to apigee, without any security enforcement on the spring boot application?
Can someone tell me what is the standard way of implementation I should follow?...
ANSWER
Answered 2020-Jul-25 at 16:55
If the spring boot application has no enforcement of security, what is to prevent someone from bypassing the Apigee API gateway and calling it directly?
If you have successfully managed to secure the spring boot application so that only the API gateway can communicate with it (via mutual TLS connection, IP allow listing, etc), you might be able to forego any enforcement at the service level, but I would recommend doing some authorization checks in the service itself.
I try building a minimal openid secured cloud environment. Following more or less https://developer.okta.com/blog/2019/08/28/reactive-microservices-spring-cloud-gateway .
I have a spring cloud gateway, a consul registry, an application registered on okta and a simple test app with just one controller returning a string. Both the gateway and the test application depend on
'com.okta.spring', name: 'okta-spring-boot-starter', version: '1.4.0'.
The gateway is configured like so (skipping ssl here for brevity):...
ANSWER
Answered 2020-Apr-06 at 13:49
It turned out, the solution is to remove the cookie header from the downstream request. This can be achieved by adding another default filter to the gateway:
APPLICATION FAILED TO START
ANSWER
Answered 2020-Feb-17 at 10:10
Please clean your gradle.build file from hibernate dependencies, spring-jdbc and spring-orm, as spring-boot-starter-jpa has hibernate as a transitive dependency.
No vulnerabilities reported
Create a Spring Boot application with [Spring initializr](https://start.spring.io/):

```bash
curl https://start.spring.io/starter.tgz -d dependencies=web,okta -d baseDir=<<yourProjectName>> | tar -xzvf -
cd <<yourProjectName>>
```

Configure it with [Okta CLI](https://github.com/oktadeveloper/okta-cli/blob/master/README.md):

```bash
okta apps create
```

Run it:

```bash
./mvnw spring-boot:run
```