OKTA Architecture Question - Asking for help

Hello,

I have an environment today with one application that is going to use the Okta login process. But in the near future I will have more applications that are going to use this service.

It is a Java application; the application server is not Spring, but the gateway server will be Spring (thank god).

Because of this I don't want to put the configuration in this application server, because if I do this, in the future I will need to replicate the code to all the other applications.

So, my idea is to create what I call an internal Okta Gateway Server. The internal applications will contact this server and only know this server, and this server will be the only one to contact what I call the Okta External Official Server. This server is going to be responsible for contacting the Okta External Official Server to validate and create the tokens, etc.

My two questions are:
Is this possible?
And better, is this a good idea?
What do you guys think about it?

I made a drawing showing my idea.

All is possible, like my friend says :slight_smile: The only problem is that you are inventing a security scheme, so be aware of possible pitfalls and vulnerabilities which may be lying in your way.

To be honest, whether you replicate a standard mechanism to validate directly against Okta or against your internal/external server, this piece of code has to be replicated (if that is your major concern). So I don't see a benefit of creating this complicated architecture, but I might not fully understand your reason.

The actual application server uses Java Lite, with direct integration with OAuth2.
But thanks for the answer.