Hi Team,
I am stuck in a problem. Please help me to get out of this.
I am implementing a java standalone application and from this standalone application , i am invoking the webservice of another application/tool.
As the tool, whom i am invoking webservices is using okta as their access gateway and using Duo security as MFA for the login.
As the third party tool has given only two option to invoke their webservice
- by using username and password
- by using the session token
The problem here is :
How can i connect to tool which is integrated with okta + Duo security and how can I genrate the session token to connect with tool and invoke their webservices .Here i am not using any frontend to login into that tool. i have to do it only from backend.
As this matter is urgent, I would appreciate a reply as soon as possible.
Are you talking about some sort of Web API? What is the protection they use? Is it OAuth? In other words, how are you recommended to invoke their tool/api? What has to be passed as a proof of you being authorized?
Here, I am talking about soap webservices, as third party tool has exposed only wsdl.
for the authorization, Duo push notification comes to our mobile and then we approve the request. by this we login into that tool from a browser.
Well, sorry for the confusion, but not sure how they protect their application. Do they use Okta only as identity store and MFA service, no SSO?
If you need to obtain Okta session token all you need is a call to /authn endpoint, with correct username/password (https://developer.okta.com/docs/reference/api/authn/#primary-authentication) But again, I’m not fully understanding your task
they use okta as their access gateway and yes it is a sso
we dont have the username and password to login. it is managed by the duo push notification