How to perform authentication via OKTA login page(not application hosted login page) from a Servlet application

Our requirement is to perform authentication via OKTA hosted login page.
Our application uses Servlets, i went through the sample servlet example in Github ,but that uses application hosted login page i.e login.jsp.
So can anyone please let me know how to redirect to OKTA login page and authenticate users from an application which uses Servlets.
Thanks in advance…

It depends on SSO method you wanna use. But from high lev perspective:

  • check if you have session/auth cookie sent to your servlet
  • if no -> redirect user to Okta login page (by SAML/OIDC login redirect)
  • if yes -> proceed with the request
  • on return from Okta to your special callback/ACS URL, validate user and establish a cookie and redirect him to the page initially requested

Maybe people can suggest anything else…

Hi Philipp,
Thank you for your response.
We are going to use SAML2.0.
Could you please provide the reference of such sample application(if any).

It depends again on the the framework/language. Google for it, Okta has quite few examples of SSO solutions

Hi Philipp,
Thank you again for the response.
We use Oracle ADF framework for our application(Core java will be used as part of it).
Yes i did google for the examples, but found the relevant example( i.e for OKTA hosted login page) for Spring framework based application.
So just wanted to know if there is such example based on Servlets.

I’m sorry, I haven’t seen anything specifically about Oracle ADF. Servlets itself are not that different from Tomcat or any other web-server. ADF though can make it bit painful. I had to deal with it once or twice, so can’t say I have any significant experience with it.

If you go the route, maybe it’s not that awful, at least when you have questions they can be discussed and answered on the forum.

also just got an idea :slight_smile: if it’s too challenging, you may want to install a rev-proxy in front of it which will be able to deal with with SAML protection of your ADF application. Might be cheaper, depending on your timeline

No problem Philipp.
Yes, trying to see how SAML can be used from servlets.
And will post the questions as you said.
Thank you …

OK Philipp, thank you for the suggestion.
Will go through it once.