We deploy various native clients to iOS, Android, Windows 10, Windows Mobile, and WPF for older Windows OS versions. However, they are all designed to interact with a Java-based web service that communicates with various endpoints via protocols like SOAP, REST, and JDBC.
We will be integrating with Okta and would like to know if it's possible to integrate at the web service layer, so our clients don't need to change. So in our normal flow, a user provides a username and password (which are typically ERP or LDAP credentials), which is forwarded as a request to our web service. The web service then looks up the correct endpoint and formulates the auth request. If the auth request succeeds against the endpoint, we issue a JSON Web Token (JWT) to the client that allows it to execute queries against other secured API routes for a finite time.
So for us an ideal implementation is that a user still types a username and password into the client (the same ones they would use to log in to Okta), and the client forwards them to our Java web service. The web service would initiate an auth request to Okta, which produces either a SAML assertion or some other token we can validate. If the assertion is good, the JWT from our web service is issued to the client and it can proceed as normal.
Are there any resources for setting up this kind of system with Okta? I know this may not be a typical workflow, but it would be best for us, if possible.
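The broker flow the question describes, as an added example that is not part of the original post and not the poster's Java service. It is written in Python rather than Java so it runs stand-alone: the login route forwards the credentials to an authenticator, and only on success mints the service's own short-lived HS256 JWT, which the API routes later verify. The one real call is Okta's Authentication API (`POST https://{domain}/api/v1/authn`, whose response carries a `status` field); it is not exercised offline. The `fake_okta` authenticator, the user, the secret and the issuer name are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
import urllib.error
import urllib.request
from typing import Callable, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def okta_primary_auth(okta_domain: str, username: str, password: str) -> bool:
    """Forward the user's credentials to Okta's Authentication API
    (POST https://{domain}/api/v1/authn). Only an explicit "SUCCESS" status
    counts; MFA_REQUIRED, PASSWORD_EXPIRED, LOCKED_OUT and the like are
    treated as failure here and would need their own handling. Network call,
    not run offline."""
    body = json.dumps({"username": username, "password": password}).encode()
    req = urllib.request.Request(
        f"https://{okta_domain}/api/v1/authn", data=body, method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp).get("status") == "SUCCESS"
    except urllib.error.HTTPError:
        return False  # Okta answers 401 on bad credentials


def issue_jwt(secret: bytes, subject: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Mint the web service's own token: HS256 over header.claims, with a hard expiry."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": "our-webservice", "sub": subject, "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(secret: bytes, token: str, now: Optional[int] = None) -> Optional[dict]:
    """What a secured API route runs on every request. Returns the claims or None."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(c_b64))
        sig = _b64url_decode(s_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token pick it
        return None
    expected = hmac.new(secret, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare
        return None
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    return claims


def login(username: str, password: str, authenticate: Callable[[str, str], bool],
          secret: bytes, ttl_seconds: int = 900, now: Optional[int] = None) -> Optional[str]:
    """The login route: broker the credentials to Okta (or any authenticator with the
    same signature) and issue our JWT only when it reports success."""
    if not authenticate(username, password):
        return None
    return issue_jwt(secret, username, ttl_seconds, now)


# Constructed stand-in for Okta so the flow runs offline (hypothetical user).
def fake_okta(username: str, password: str) -> bool:
    return (username, password) == ("alice@example.com", "correct horse battery staple")


if __name__ == "__main__":
    secret = b"replace-with-a-long-random-secret-kept-only-on-the-server"
    token = login("alice@example.com", "correct horse battery staple", fake_okta, secret)
    print("issued:", token)
    print("claims:", verify_jwt(secret, token))
    print("bad password ->", login("alice@example.com", "wrong", fake_okta, secret))
```

Two points a practitioner would check before adopting this: the `/api/v1/authn` call returns a non-SUCCESS status when the org enforces MFA or a password change, so a pure username/password broker only works for users whose policy permits primary authentication alone; and because the client never talks to Okta, the web service becomes the party that sees cleartext passwords, so it must keep the signing secret server-side and pin the JWT algorithm on verification rather than trusting the token header.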