Cannot connect to issuer uri using spring boot application

I am using the okta developer account to play around with OKTA features.

I followed this article to make a simple authorization app: https://developer.okta.com/blog/2019/10/30/java-oauth2

I am able to do everything until I add the okta part.
I am storing my okta url in application.yml file in my spring boot application.

okta:
  oauth2:
    clientId: #############
    client-secret: ########################
    issuer: https://dev-#########.okta.com/oauth2/default

When I start the application, I am getting the following error:

org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://dev-******.okta.com/oauth2/default/.well-known/openid-configuration": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:751) ~[spring-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]

But at the same time I am able to access the url:
https://dev-#######.okta.com/oauth2/default/.well-known/openid-configuration through my web browser. I don't understand why it is refusing to connect through the spring boot application.

Your help is appreciated!

Ajay

You might have an IT Trial account instead of a developer account. You can sign up for a forever-free developer account at https://developer.okta.com/signup.

I followed your link and made a developer account with OKTA. I am still facing the same issue.

Here is the error:

2019-11-13 10:25:19.240  WARN 48732 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setAuthorizedClientRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authorizedClientRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.class]: Unsatisfied dependency expressed through method 'authorizedClientRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authorizedClientService' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.class]: Unsatisfied dependency expressed through method 'authorizedClientService' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "https://dev-########.okta.com/oauth2/default"

Here is my application.yml

If you go to your app’s OIDC configuration URL, do you see a valid response?

For instance, here’s one of mine:

https://dev-133320.okta.com/oauth2/default/.well-known/openid-configuration

Chop everything off before “/.well-known” and that should be your issuer URI.

So here is my application.yml


okta:
  oauth2:
    clientId: 0oa1t9nv2c2kOJwUK357
    client-secret: yNIepfB2XIdkD8CgwaiUocA9RHMOvwl8eUBfsEFz
    issuer: https://dev-355879.okta.com/oauth2/default

My OIDC configuration URL: https://dev-355879.okta.com/oauth2/default/.well-known/openid-configuration
The OIDC URL seems to be working fine.

Are you behind a firewall? You might have to configure Java to use your proxy settings.

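A browser typically picks up the operating system's proxy settings, while a JVM connects directly unless it is started with `https.proxyHost`/`https.proxyPort` (or `java.net.useSystemProxies=true`). The diagnostic below is an added example, not part of the original posts; the class name `IssuerProxyCheck` and the `dev-000000` issuer are placeholders.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

// Added diagnostic (not from the thread): reports the route this JVM would
// take to the issuer's discovery endpoint, using the JVM's default ProxySelector.
public class IssuerProxyCheck {

    // Describes how this JVM would reach the target: directly or through a proxy.
    static String describeRoute(URI target) {
        List<Proxy> proxies = ProxySelector.getDefault().select(target);
        StringBuilder sb = new StringBuilder();
        for (Proxy p : proxies) {
            if (p.type() == Proxy.Type.DIRECT) {
                sb.append("DIRECT (no proxy)");
            } else {
                InetSocketAddress addr = (InetSocketAddress) p.address();
                sb.append(p.type()).append(" via ")
                  .append(addr.getHostString()).append(':').append(addr.getPort());
            }
            sb.append("; ");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Placeholder issuer; pass the real one as the first argument.
        URI issuer = URI.create(args.length > 0 ? args[0]
                : "https://dev-000000.okta.com/oauth2/default");
        URI discovery = URI.create(issuer + "/.well-known/openid-configuration");

        // Standard JVM networking properties that decide the route.
        for (String key : new String[] {"https.proxyHost", "https.proxyPort",
                "http.nonProxyHosts", "java.net.useSystemProxies"}) {
            System.out.println(key + " = " + System.getProperty(key));
        }
        System.out.println(discovery + " -> " + describeRoute(discovery));
    }
}
```

Run it with the same JVM options as the application, for example `java -Dhttps.proxyHost=<proxy host> -Dhttps.proxyPort=<port> IssuerProxyCheck.java` (Java 11 or later). A `DIRECT` result on a network that only allows outbound traffic through a proxy is consistent with the `Connection refused` error above.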

That was it @mraible. Thanks, it works fine now.
My company just bought OKTA services/OpenID connect and I was trying these exercises to get started. I forgot I was behind a corporate proxy.

Thanks a ton!
Ajay

Hello,

I’m also facing the same, but there is no proxy issue at my end.

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘clientRegistrationRepository’ defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method ‘clientRegistrationRepository’ threw exception; nested exception is java.lang.IllegalStateException: The Issuer “” provided in the configuration metadata did not match the requested issuer “”
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method ‘clientRegistrationRepository’ threw exception; nested exception is java.lang.IllegalStateException: The Issuer “https://dev-887793.okta.com/oauth2/default” provided in the configuration metadata did not match the requested issuer “https://dev-887793-admin.okta.com/oauth2/default
Caused by: java.lang.IllegalStateException: The Issuer “https://dev-887793.okta.com/oauth2/default” provided in the configuration metadata did not match the requested issuer “https://dev-887793-admin.okta.com/oauth2/default

While below config link is accessible.
https://dev-887793-admin.okta.com/oauth2/default/.well-known/openid-configuration.

Thanks.

Hi @dev_praveen,

Issuer URI shouldn’t have -admin part in it. So, in your case, ensure the issuer URI in your config is https://dev-887793.okta.com/oauth2/default and not https://dev-887793-admin.okta.com/oauth2/default, which is what the error indicates.

If you notice the issuer in https://dev-887793.okta.com/oauth2/default/.well-known/openid-configuration, it’s https://dev-887793-admin.okta.com/oauth2/default
This is called the discovery endpoint which provides the right configuration for the authorization server you’re using. Read this if you need more info - https://developer.okta.com/docs/concepts/auth-servers/#default-custom-authorization-server

Hope this helps.

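OpenID Connect Discovery requires the `issuer` value in the metadata to be identical to the issuer URL the client used to fetch it, so a client does not accept endpoints and keys from a server that identifies itself differently. The check is sketched below as an added example (not Spring Security's own code and not part of the original posts), run against constructed metadata for a placeholder `dev-000000` org.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: the issuer comparison from OpenID Connect Discovery,
// applied to constructed metadata. Class and method names are hypothetical.
public class IssuerMatchCheck {

    private static final Pattern ISSUER = Pattern.compile("\"issuer\"\\s*:\\s*\"([^\"]*)\"");

    // Extracts the "issuer" member. A regex is enough for this flat sample;
    // use a JSON parser for real discovery responses.
    static String metadataIssuer(String json) {
        Matcher m = ISSUER.matcher(json);
        if (!m.find()) {
            throw new IllegalStateException("metadata has no issuer member");
        }
        return m.group(1);
    }

    // Exact string comparison: no host aliasing and no trailing-slash tolerance.
    static void requireMatch(String requested, String json) {
        String actual = metadataIssuer(json);
        if (!actual.equals(requested)) {
            throw new IllegalStateException("The Issuer \"" + actual
                    + "\" provided in the configuration metadata did not match"
                    + " the requested issuer \"" + requested + "\"");
        }
    }

    public static void main(String[] args) {
        // Constructed discovery document for a placeholder org.
        String metadata = "{\"issuer\":\"https://dev-000000.okta.com/oauth2/default\","
                + "\"authorization_endpoint\":\"https://dev-000000.okta.com/oauth2/default/v1/authorize\"}";
        String[] configured = {
            "https://dev-000000.okta.com/oauth2/default",        // matches
            "https://dev-000000-admin.okta.com/oauth2/default",  // admin console host
            "https://dev-000000.okta.com/oauth2/default/"        // trailing slash
        };
        for (String issuer : configured) {
            try {
                requireMatch(issuer, metadata);
                System.out.println("OK       " + issuer);
            } catch (IllegalStateException e) {
                System.out.println("REJECTED " + issuer + ": " + e.getMessage());
            }
        }
    }
}
```

Only the first configured value passes. The `-admin` host and the trailing-slash variant are both rejected even though a discovery URL built from them may return a document in a browser.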