Migration of OIDC based authentication to Identity Engine

We use a self-hosted login page(without sign in widget) using authn API through okta-auth-java. After successful login, user is redirected to /authorize endpoint with sessionToken generated by authn API. Our main requirement is to have session in okta for other SSO applications.

We are planning to migrate to identity engine but we don’t see a good solution for our requirements. We have confirmed that the current flow still works on identity engine and okta dashboard sets the idx cookie after successful authorize call, but we are aware that we should move away from authn API. We tried to use okta-idx-java, but the interaction code flow doesn’t work for us due to the SSO requirement.

Is there any other way to authenticate using identity engine while keeping SSO working and setting idx cookie? Unfortunately, we can’t use the login page hosted by okta due to customization of our login page.

I analyzed how the sign in widget works in the okta dashboard and I see that after calling authorize endpoint with my clientId, sign in widget generates a stateToken. After successful login, user is redirected to https://example.oktapreview.com/login/token/redirect?stateToken=02.id.stateTokenValue, which triggers a successful authorize call with idx cookie. Is this redirection possible for self hosted sign in page?

In order to facilitate SSO, we recommend using the Redirection model (routing users through the Okta hosted login experience) which will ensure the Okta session set on the Okta domain and accessible to other applications. More information on our guidance here: Okta deployment models - redirect vs. embedded | Okta Developer.

How customized is your login page that you are unable to modify the custom Okta-hosted one to meet your needs?