Jhipster okta integration issue

nagnalla · June 6, 2019, 5:15am

Can some one help with this problem? I’m getting the below error when I try to integrate jhipster with okta.

2019-06-06 01:06:59.261 INFO 722 — [ XNIO-2 task-12] c.o.f.config.SecurityConfiguration : --------------START---------------
2019-06-06 01:06:59.261 INFO 722 — [ XNIO-2 task-12] c.o.f.config.SecurityConfiguration : Authority–ROLE_USER
2019-06-06 01:06:59.265 ERROR 722 — [ XNIO-2 task-12] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/oidc

java.lang.ClassCastException: org.springframework.security.oauth2.core.user.OAuth2UserAuthority cannot be cast to org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
at com.octo.frontendauth.config.SecurityConfiguration.lambda$null$1(SecurityConfiguration.java:108)
at java.lang.Iterable.forEach(Iterable.java:75)
at java.util.Collections$UnmodifiableCollection.forEach(Collections.java:1080)
at com.octo.frontendauth.config.SecurityConfiguration.lambda$userAuthoritiesMapper$2(SecurityConfiguration.java:106)
at org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider.authenticate(OAuth2LoginAuthenticationProvider.java:120)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)
at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:186)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160)

mraible · June 6, 2019, 12:48pm

Are you developing a monolith or a microservices architecture? If it’s just a monolith, can you show us your .yo-rc.json file and provide steps to reproduce?

nagnalla · June 6, 2019, 1:15pm

Hi @mraible, I’m developing monolith app. Here is my .yo-rc.json file. Steps that I took so far are installed jhipster and modified application.yml like below, configured okta tenant and started the app.
oauth2:
client:
provider:
oidc:
issuer-uri: https://dev-534394.oktapreview.com/oauth2/default
registration:
oidc:
client-id: <>
client-secret: <>
scope: openid profile email
access-token-uri: https://dev-534394.oktapreview.com/oauth2/default/v1/token
user-authorization-uri: https://dev-534394.oktapreview.com/oauth2/default/v1/authorize

Here is the .yo-rc.json content

{
“generator-jhipster”: {
“promptValues”: {
“packageName”: “com.octo.frontendauth”
},
“jhipsterVersion”: “6.0.1”,
“applicationType”: “monolith”,
“baseName”: “frontendauthserver”,
“packageName”: “com.octo.frontendauth”,
“packageFolder”: “com/octo/frontendauth”,
“serverPort”: “8080”,
“authenticationType”: “oauth2”,
“cacheProvider”: “ehcache”,
“enableHibernateCache”: false,
“websocket”: false,
“databaseType”: “sql”,
“devDatabaseType”: “h2Memory”,
“prodDatabaseType”: “postgresql”,
“searchEngine”: false,
“messageBroker”: false,
“serviceDiscoveryType”: false,
“buildTool”: “maven”,
“enableSwaggerCodegen”: false,
“clientFramework”: “angularX”,
“clientTheme”: “solar”,
“clientThemeVariant”: “primary”,
“useSass”: true,
“clientPackageManager”: “npm”,
“testFrameworks”: [],
“jhiPrefix”: “jhi”,
“entitySuffix”: “”,
“dtoSuffix”: “DTO”,
“otherModules”: [],
“enableTranslation”: false
}
}

mraible · June 6, 2019, 1:45pm

You don’t need the “access-token-uri” and “user-authorization-uri” values. Can you try removing them? You might also check out my recent blog post on using JHipster 6 with Okta. It includes a screencast if you prefer video.

nagnalla · June 6, 2019, 2:52pm

Hi @mraible I tried removing them and still it has no effect. still getting the same error.
Here is code snippet from SecurityConfiguration.java

@Bean
@SuppressWarnings("unchecked")
public GrantedAuthoritiesMapper userAuthoritiesMapper() {
    return (authorities) -> {
        Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
        log.info("--------------START---------------");
        authorities.forEach(authority -> {
        	log.info("Authority--"+authority);
            OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
        	log.info("oidc Authority--"+oidcUserAuthority);
            OidcUserInfo userInfo = oidcUserAuthority.getUserInfo();
            Collection<String> groups = (Collection<String>) userInfo.getClaims().get("groups");
            if (groups == null) {
                groups = (Collection<String>) userInfo.getClaims().get("roles");
            }
            mappedAuthorities.addAll(groups.stream()
                .filter(group -> group.startsWith("ROLE_"))
                .map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
        });

        return mappedAuthorities;
    };
}

Here is the log where it throw class cast exception:

2019-06-06 10:44:27.223 INFO 3143 — [ XNIO-1 task-18] c.o.f.config.SecurityConfiguration : --------------START---------------
2019-06-06 10:44:27.223 INFO 3143 — [ XNIO-1 task-18] c.o.f.config.SecurityConfiguration : Authority–ROLE_USER
2019-06-06 10:44:27.233 ERROR 3143 — [ XNIO-1 task-18] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/oidc

java.lang.ClassCastException: org.springframework.security.oauth2.core.user.OAuth2UserAuthority cannot be cast to org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
at com.octo.frontendauth.config.SecurityConfiguration.lambda$null$1(SecurityConfiguration.java:108)
at java.lang.Iterable.forEach(Iterable.java:75)
at java.util.Collections$UnmodifiableCollection.forEach(Collections.java:1080)
at com.octo.frontendauth.config.SecurityConfiguration.lambda$userAuthoritiesMapper$2(SecurityConfiguration.java:106)
at org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider.authenticate(OAuth2LoginAuthenticationProvider.java:120)

mraible · June 6, 2019, 3:03pm

You probably missed a configuration step where you need to add a “groups” claim to the ID token. There are instructions in the blog post and in JHipster’s security docs.

nagnalla · June 6, 2019, 3:07pm

Here is my okta tenant configuration. BTW, thanks much for responding quickly.

mraible · June 6, 2019, 3:41pm

If it doesn’t work with this configuration, I’d try remove the “groups” claim that’s in the access token, as well as the “roles” claim. You only need one.

nagnalla · June 6, 2019, 4:35pm

tried removing groups claims in access token and roles claim as well Still the same original error.
java.lang.ClassCastException: org.springframework.security.oauth2.core.user.OAuth2UserAuthority cannot be cast to org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

nagnalla · June 6, 2019, 5:18pm

Hi @mraible I delete .yo-rc-json file and recreated the project from scratch again and it worked fine this time. very weird. But anyways thank for your help !

system · January 23, 2024, 7:11pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
JHipster, OAuth and the Okta Sign-In Widget Questions spring , angularjs	5	5882	April 15, 2020
Okta error with external IDP Questions	7	9159	October 22, 2021
Setting up okta oidc for use with Spring-boot 2.3.1.RELEASE OAuth/OIDC	11	7429	February 8, 2024
Not able to integrate Springboot web app with Okta OAuth/OIDC spring	2	46	July 26, 2024
JHipster Gateway with Okta OAuth2 Authentication Questions	2	2876	July 27, 2021

Jhipster okta integration issue

Related topics