Stanislau Yarkouski
Hello Matt,
Thank you very much for this tutorial, I got it running without any issues.
We would like to use Okta as an additional authentication mechanism along with our regular authentication. If a user tries to access any page of our application without logging in, he would be redirected to our regular login page right away and not to the Okta login.
I see it like this: on our login page we would have an “Authenticate by Okta” button. When the user clicks it, it leads him to https://ourdomain/okta_protected where Okta authentication happens (as it’s demonstrated in this tutorial). Then we take the username from the Principal, load that user from the database and provide him access to our application according to his roles.
So my questions are:
1) Can the logic that I’ve described be implemented at all?
I mean, I understand that Spring Security hardcodes the endpoint saml/SSO, so I assume setting the Single sign on URL to
https://ourdomain/okta_protected/saml/SSO and modifying basePath to /okta_protected would not help.
Could you please suggest anything that I can try? Maybe setting the Recipient URL and/or Destination URL somehow…
2) Let’s assume it can be done. To enable our users to use Okta authentication we should assign our Okta application to all our users. Am I right? Is there a way for automatic assignment when new users are created?
Sorry for the long post. Your reply will be really appreciated.