How to get Okta login page in Java application


I am new to Okta and not sure if I understand things correctly.

I have an existing Java web application, and it's deployed on 2 Tomcat servers: one for UI and one for Services. Right now we are using Red Hat SSO in the UI to log in, and there is no Spring in the UI code.

Now I have to use Okta instead of Red Hat SSO. I have followed the steps mentioned here: Build a Java REST API with Java EE and OIDC | Okta Developer

Instead of the below:

jwtVerifier = new JwtHelper()
        .setIssuerUrl("https://{yourOktaDomain}/oauth2/default")
        .setClientId("{yourClientId}")
        .build();

I used the below:

AccessTokenVerifier jwtVerifier = JwtVerifiers.accessTokenVerifierBuilder()
        .setIssuer("https://dev-xxxx.okta.com/oauth2/aus2ibr84krwxxxx")
        .setAudience("testAudience")
        .setConnectionTimeout(Duration.ofSeconds(1))
        .setReadTimeout(Duration.ofSeconds(1))
        .build();

Both of the above code snippets work fine without any issue… but when I try to hit the sign-in URL I am getting a 401 status code.

I also tried the ones below with .setAudience("api://default"):

//.setIssuer("https://dev-xxx.okta.com/oauth2/default")
//.setIssuer("https://dev-xxx.okta.com")
//.setIssuer("https://dev-xxx.okta.com/api/v1/authorizationServers/default")

Then I was thinking that I need to validate the token in the first place, so I added the below piece of code to validate the token with the default one. It's failing when I call decode. Initially I got "Caused by: io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: ??i???z???N?". Then I created another token and used that. Now I am getting "com.okta.jwt.JwtVerificationException: Token did not contain signature".

try {
    Jwt jwt = jwtVerifier.decode("C4o4J2aspA68D5si1bRd9YXd_ushOGH4x7UnHlMsL8");
    return (String) jwt.getClaims().get("uid");
} catch (JwtVerificationException e) {
    log.error("local introspect error", e);
    return null;
}

Do we really need to validate the token explicitly in the code? If so, how do I get the token from Okta? I assume the application is hitting the Okta server and it's not authorizing for some reason.

Can someone please help me clarify my doubt, or give me a working example which I can use, or shed some light on my issue? Note: not using Maven, still with ANT.

@angeline.alex
Hi, can you please take a look at the related discussion below and refer to the solution?

Does a customized server help??

Thanks for your reply.
My company is just moving to Okta… I see the version is 2021.11.0 C… is that what you mean?

Anyway, as given in the reference post, I tried creating a new authorization server and used that issuer URL in my filter code along with the given audience.

AccessTokenVerifier jwtVerifier = JwtVerifiers.accessTokenVerifierBuilder()
        .setIssuer("https://xxx-oktapreview.com/oauth2/aus2twhhwy5sfTQ791d7")
        .setAudience("0oa1qlm9y8cFfjt791d7")
        .setConnectionTimeout(Duration.ofSeconds(1))
        .setReadTimeout(Duration.ofSeconds(1))
        .build();

But no luck… I am getting a 401 error.

I guess the token is required only when the user name is entered in the Okta login page. So I am worried about getting the Okta login page now.

Redirect URL in the Okta server application: http://host:8192/app/ui/index.xhtml

Also, I am not sure if I am hitting the Okta server… I checked the System Log in the Okta server and I don't see any logs for it. Am I looking in the right place?

Followed this URL and got the login page. Implement authorization by grant type | Okta Developer

Constructed the URL as mentioned and called sendRedirect to get the login page.
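
The redirect described in the last post, as an added example that is not part of the original thread or of Okta's sample code: it builds the authorization-code request URL with a random `state` and `nonce` and checks the `state` returned on the callback. The class and method names are hypothetical, the `{issuer}/v1/authorize` path and parameter set are assumed from the OIDC authorization code flow, the client ID is a placeholder, and Java 10+ is assumed for `URLEncoder.encode(String, Charset)`.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class OktaLoginRedirect {   // hypothetical helper, not Okta SDK code
    private static final SecureRandom RNG = new SecureRandom();

    /** 256-bit URL-safe random value, used for both state and nonce. */
    static String randomToken() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    /** Builds {issuer}/v1/authorize?... for the authorization code flow. */
    static String authorizeUrl(String issuer, String clientId, String redirectUri,
                               String state, String nonce) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("client_id", clientId);
        p.put("response_type", "code");
        p.put("scope", "openid profile");
        p.put("redirect_uri", redirectUri);  // must match the URI registered in Okta
        p.put("state", state);               // echoed back on the callback
        p.put("nonce", nonce);               // ends up inside the ID token
        StringBuilder sb = new StringBuilder(issuer).append("/v1/authorize");
        char sep = '?';
        for (Map.Entry<String, String> e : p.entrySet()) {
            sb.append(sep).append(e.getKey()).append('=')
              .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
            sep = '&';
        }
        return sb.toString();
    }

    /** Callback check: constant-time compare of returned state with the session copy. */
    static boolean stateMatches(String fromSession, String fromCallback) {
        if (fromSession == null || fromCallback == null) return false;
        return MessageDigest.isEqual(fromSession.getBytes(StandardCharsets.UTF_8),
                                     fromCallback.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String state = randomToken(), nonce = randomToken();
        // In a servlet filter: store state and nonce in the session, then sendRedirect(url).
        System.out.println(authorizeUrl("https://dev-xxxx.okta.com/oauth2/aus2ibr84krwxxxx",
                "{yourClientId}", "http://host:8192/app/ui/index.xhtml", state, nonce));
    }
}
```

On the callback, reject the request when `stateMatches` returns false, before exchanging the `code` for tokens.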
