How to use Okta with Keycloak? - spring-boot

I am using Keycloak with my Spring Boot application. I want to use Okta as Identity Provider without success, this configuration:
Spring configuration:
security.oauth2.resource.userInfoUri=https://dev-XXXXXX.oktapreview.com/oauth2/default/v1/userinfo
security.oauth2.resource.tokenInfoUri=https://dev-XXXXXX.oktapreview.com/oauth2/default/v1/introspect
security.oauth2.resource.preferTokenInfo=false
security.oauth2.client.accessTokenUri=https://dev-XXXXXX.oktapreview.com/oauth2/default/v1/token
security.oauth2.client.userAuthorizationUri=https://dev-XXXXXX.oktapreview.com/oauth2/default/v1/authorize
security.oauth2.client.clientId=CLIENT_ID
security.oauth2.client.scope=openid profile email
Okta Identity Provider configuration:
But this configuration is always leading me to HTTP 400:
What am I missing?

You should configure your Spring Boot to work with Keycloak and then Keycloak to work with Okta.
The following article describes how to configure Keycloak with Okta SAML Provider:
https://ultimatesecurity.pro/post/okta-saml/

I cannot answer it with surety, but have you added redirect-url to the trusted origins of Okta dashboard?
https://developer.okta.com/code/javascript/okta_sign-in_widget?_ga=2.16453941.2053718723.1521541302-1766190875.1521541302

Related

Building An OIDC Identity Provider Using Spring Authorization Server Or Apache Shiro

We are building an OIDC Identity Provider in Java which can be integrated into Keycloak and perform authentication. We are looking at Spring Authorization Server or Apache Shiro as our options to build the custom service in Java and register it as an IDP in Keycloak. Any help/documentation/leads welcome.
We have looked at any implementation logic within Spring Authorization Server for the integration with Keycloak as an authentication mechanism, but are not quite sure if it's the right approach.

Spring Boot AWS IMAP SAML IdP and ADFS

I am creating a login mechanism to use AWS IAM SAML IdP and ADFS.
I am looking for a way to start using Spring Boot to log in to the application through the IdP. Is there any example of this?

Spring boot admin not showing secured endpoints of spring boot client

Installed spring boot admin and server.
All client endpoints are visible in spring boot admin but after adding security dependency in client secured endpoints are not visible in admin.
Provided credentials of admin and client in application.yaml of client.
Had the same problem. Firstly, you need to share user and password from admin-client, this can be configured in yml file:
spring.boot.admin.client:
  url: http://localhost:8080
  instance:
    metadata:
      user.name: ${spring.security.user.name}
      user.password: ${spring.security.user.password}
Also you need to enable http basic in security config, because SBA server then uses this metadata to make http calls.
source: https://codecentric.github.io/spring-boot-admin/2.2.3/#_securing_client_actuator_endpoints
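One way to enable HTTP Basic on the client's actuator endpoints, as the answer above describes. This is an added example, not code from the original answer or from the Spring Boot Admin project; the package and class name are hypothetical, and it assumes a Spring Boot 2.2.x servlet client with the security and actuator starters, where the Basic credentials are the spring.security.user.* values referenced in the metadata:

```java
// Added example: assumes Spring Boot 2.2.x / Spring Security 5.2 on the SBA client.
package com.example.client; // hypothetical package name

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@Order(1) // evaluated before the application's own security configuration
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Restrict this filter chain to actuator endpoints only.
            .requestMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeRequests()
                // No anonymous access to any actuator endpoint.
                .anyRequest().authenticated()
                .and()
            // The SBA server authenticates with HTTP Basic, using the
            // user.name / user.password values published in the metadata.
            .httpBasic()
                .and()
            // Each call carries its own credentials, so keep no session.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            // The SBA server's POST calls (for example changing a log level)
            // carry no CSRF token; this applies to the actuator chain only.
            .csrf().disable();
    }
}
```

Declaring any WebSecurityConfigurerAdapter switches off Spring Boot's default security configuration, so the rest of the application needs its own configuration class for non-actuator paths. Because the password travels in the registration metadata and in every Basic header, the client-to-server and server-to-client connections should use TLS.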

authorize users in my project and get access_token from keycloak

I have a project in springboot + springSecurity oauth2
This project works correctly.
I want to add keycloak to this project.
I want to authorize users in my project and get access_token from keycloak.
Is this possible?
Here is an article, how to use oauth2 with spring security and keycloak

Spring Security - OAuth, LDAP Integration for multitenant application

I am using spring security for my spring multitenant application. I am using spring security 3.2.
My requirement is that tenant1 should be authorized against oauth, tenant2 should be authorized against ldap, and tenant3 should be authorized against database. I will know the authorization method for the tenant through a properties file. I am able to authorize a user against any single authorization method, but I am not able to configure multiple authorization methods. Could someone please give any suggestions on this?
In case of web application, you can use different login URLs and allow user to choose authentication method. Then separate security filters should be applied for each URL.
You can check this configuration: https://code.google.com/p/opendatakit/source/browse/eclipse-aggregate-gae/war/WEB-INF/applicationContext-security.xml?repo=aggregate
