Hi Team,
I am using Okta Spring Boot Starter 3.0.7.
My Okta app is an SPA.
When I run locally, I am able to hit the /token endpoint and I get the response perfectly fine.
But when I run the same application in TKG, something is happening while hitting the /token endpoint: I am getting "login credentials invalid".
2025-01-20T11:41:14.946-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-01-20T11:41:44.381-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Securing GET /api/transactionTypes
2025-01-20T11:41:44.381-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2025-01-20T11:41:44.382-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] o.s.s.w.s.HttpSessionRequestCache : Saved request https://fhb-fei-service-itg.mutualofomaha.com/api/transactionTypes?continue to session
2025-01-20T11:41:44.382-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using Or [org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer$BearerTokenRequestMatcher@397a70d8, RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], And [Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3459ccd9, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes= ]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3459ccd9, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[/ ]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3459ccd9, matchingMediaTypes=[/ ], useEquals=true, ignoredMediaTypes= ]]
2025-01-20T11:41:44.383-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3459ccd9, matchingMediaTypes=[application/xhtml+xml, image/, text/html, text/plain], useEquals=false, ignoredMediaTypes=[ /]]]
2025-01-20T11:41:44.383-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@53e780d7
2025-01-20T11:41:44.383-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [And [Or [Ant [pattern=‘/login’], Ant [pattern=‘/favicon.ico’]], And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3459ccd9, matchingMediaTypes=[application/xhtml+xml, image/ , text/html, text/plain], useEquals=false, ignoredMediaTypes=[/ ]]]]], org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$$Lambda$1557/0x00007f718fa01b00@5f6d1e1d]
2025-01-20T11:41:44.383-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@583f54e2
2025-01-20T11:41:44.383-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-5] o.s.s.web.DefaultRedirectStrategy : Redirecting to https://fhb-fei-service-itg.mutualofomaha.com/oauth2/authorization/okta
2025-01-20T11:41:45.056-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-6] o.s.security.web.FilterChainProxy : Securing GET /login/oauth2/code/okta?code=AyvbOA77DaBHMP6_n2DpaX-Q9se7G3I4ajZyo0CGDDU&state=kHNKkJdKxmyV3CYnB-u1q2NpbEf7rBW1j8gdzPfd4Ac%3D
2025-01-20T11:41:45.057-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-6] o.s.s.web.DefaultRedirectStrategy : Redirecting to /login?error
andrea
January 21, 2025, 7:11pm
3
Are you able to tell if there is a difference between the request made to the /token endpoint when run locally versus when you deployed it? Assuming that's where the failure happens, that is.
No, I am unable to tell the difference. This is the screenshot when I run locally:
onRequestCache : Saved request http://localhost:8080/api/transactionTypes?continue to session
2025-01-21T15:05:37.360-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using Or [org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer$BearerTokenRequestMatcher@4f27643d, RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], And [Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6fb3d3bb, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes= ]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6fb3d3bb, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[/ ]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6fb3d3bb, matchingMediaTypes=[/ ], useEquals=true, ignoredMediaTypes= ]]
2025-01-21T15:05:37.360-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6fb3d3bb, matchingMediaTypes=[application/xhtml+xml, image/, text/html, text/plain], useEquals=false, ignoredMediaTypes=[ /]]]
2025-01-21T15:05:37.361-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@19305a7c
2025-01-21T15:05:37.361-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [And [Or [Ant [pattern=‘/login’], Ant [pattern=‘/favicon.ico’]], And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6fb3d3bb, matchingMediaTypes=[application/xhtml+xml, image/ , text/html, text/plain], useEquals=false, ignoredMediaTypes=[/ ]]]]], org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$$Lambda/0x00000224c9a00220@3857c82a]
2025-01-21T15:05:37.363-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@41077636
2025-01-21T15:05:37.364-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/oauth2/authorization/okta
2025-01-21T15:05:37.381-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Securing GET /oauth2/authorization/okta
2025-01-21T15:05:37.389-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-2] o.s.s.web.DefaultRedirectStrategy : Redirecting to https://myaccount-preview.mutualofomaha.com/oauth2/auspwnqpbqH6VDxFm1d6/v1/authorize?response_type=code&client_id=0oai5rpzepg3ttiWe1d7&scope=openid%20profile%20email&state=p4XJnblj2CUCAPBsPI6fCiDHsQWggd2_TQWuToJWJAQ%3D&redirect_uri=http://localhost:8080/login/oauth2/code/okta&nonce=i1vPmemhFFzaDK5rGChQx9enBPorYNtbTgtKLOHu9Zs&code_challenge=47oHVMYPYviyjSReVXYS__BCYC0_7F2OsxLY3lkcZwA&code_challenge_method=S256
2025-01-21T15:05:39.811-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /login/oauth2/code/okta?code=Vd8LKRqoaVcVW9QYFaNjYSOzJtEWJDjJHn9XwgthPz0&state=p4XJnblj2CUCAPBsPI6fCiDHsQWggd2_TQWuToJWJAQ%3D
2025-01-21T15:05:39.824-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.web.client.RestTemplate : HTTP POST https://myaccount-preview.mutualofomaha.com/oauth2/auspwnqpbqH6VDxFm1d6/v1/token
2025-01-21T15:05:39.825-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
2025-01-21T15:05:39.826-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.web.client.RestTemplate : Writing [{grant_type=[authorization_code], code=[Vd8LKRqoaVcVW9QYFaNjYSOzJtEWJDjJHn9XwgthPz0], redirect_uri=[http://localhost:8080/login/oauth2/code/okta ], client_id=[0oai5rpzepg3ttiWe1d7], code_verifier=[Habjb3iHX4HxZVpPR00M8Cff9h1OcKqrp-_A6kjMapCUnB3FdxgwOq6zVV51B9xyH5iERMv4rXQqLuqPF-HQ3FQOuAQLu-fKJVGcXM6ftvc1wdCIklQ5jg1WFfer6qpr]}] as “application/x-www-form-urlencoded;charset=UTF-8”
2025-01-21T15:05:40.753-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.web.client.RestTemplate : Response 200 OK
The difference I see between localhost and the TKG is this:
localhost: Redirecting to http://localhost:8080/oauth2/authorization/okta
2025-01-21T15:05:37.381-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Securing GET /oauth2/authorization/okta
2025-01-21T15:05:37.389-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-2] o.s.s.web.DefaultRedirectStrategy : Redirecting to https://myaccount-preview.mutualofomaha.com/oauth2/auspwnqpbqH6VDxFm1d6/v1/authorize?response_type=code&client_id=0oai5rpzepg3ttiWe1d7&scope=openid%20profile%20email&state=p4XJnblj2CUCAPBsPI6fCiDHsQWggd2_TQWuToJWJAQ%3D&redirect_uri=http://localhost:8080/login/oauth2/code/okta&nonce=i1vPmemhFFzaDK5rGChQx9enBPorYNtbTgtKLOHu9Zs&code_challenge=47oHVMYPYviyjSReVXYS__BCYC0_7F2OsxLY3lkcZwA&code_challenge_method=S256
2025-01-21T15:05:39.811-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /login/oauth2/code/okta?code=Vd8LKRqoaVcVW9QYFaNjYSOzJtEWJDjJHn9XwgthPz0&state=p4XJnblj2CUCAPBsPI6fCiDHsQWggd2_TQWuToJWJAQ%3D
2025-01-21T15:05:39.824-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.web.client.RestTemplate : HTTP POST https://myaccount-preview.mutualofomaha.com/oauth2/auspwnqpbqH6VDxFm1d6/v1/token
2025-01-21T15:05:39.825-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json]
2025-01-21T15:05:39.826-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.web.client.RestTemplate : Writing [{grant_type=[authorization_code], code=[Vd8LKRqoaVcVW9QYFaNjYSOzJtEWJDjJHn9XwgthPz0], redirect_uri=[http://localhost:8080/login/oauth2/code/okta ], client_id=[0oai5rpzepg3ttiWe1d7], code_verifier=[Habjb3iHX4HxZVpPR00M8Cff9h1OcKqrp-_A6kjMapCUnB3FdxgwOq6zVV51B9xyH5iERMv4rXQqLuqPF-HQ3FQOuAQLu-fKJVGcXM6ftvc1wdCIklQ5jg1WFfer6qpr]}] as “application/x-www-form-urlencoded;charset=UTF-8”
2025-01-21T15:05:40.753-05:00 DEBUG 31784 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.web.client.RestTemplate : Response 200 OK
We see the POST request on the token endpoint, but in the TKG: Redirecting to https://fhb-fei-service-itg.mutualofomaha.com/oauth2/authorization/okta
2025-01-21T10:29:34.954-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /login/oauth2/code/okta?code=oHpKlbTfPAA6mFRf35uN5eM8G7OSkGLWWMr1ohvIzGw&state=lhdxxX0zRMmR0IfjTKmCQDE9HojFlTP0W2bmL6H6dRM%3D
2025-01-21T10:29:34.955-06:00 DEBUG 8 — [fhb-fincl-event-identifier-service] [nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to /login?error
I do not see the /token endpoint being triggered.
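The comparison made by hand in the last post, as an added example (not code from the thread, Okta or Spring): it pairs each `/login/oauth2/code/` callback with what the same thread logs next, and checks whether the callback's `state` was issued by an authorize redirect present in the same log. The sample lines, hosts and values are constructed placeholders, and `classify_callbacks` is a hypothetical helper name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the thread's log format (hosts and values are placeholders).
SAMPLE_LOCAL = """\
2025-01-21T15:05:37.389-05:00 DEBUG 1 --- [svc] [nio-8080-exec-2] o.s.s.web.DefaultRedirectStrategy : Redirecting to https://idp.example.com/oauth2/default/v1/authorize?response_type=code&state=STATE_A%3D&code_challenge_method=S256
2025-01-21T15:05:39.811-05:00 DEBUG 1 --- [svc] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /login/oauth2/code/okta?code=CODE_A&state=STATE_A%3D
2025-01-21T15:05:39.824-05:00 DEBUG 1 --- [svc] [nio-8080-exec-3] o.s.web.client.RestTemplate : HTTP POST https://idp.example.com/oauth2/default/v1/token
2025-01-21T15:05:40.753-05:00 DEBUG 1 --- [svc] [nio-8080-exec-3] o.s.web.client.RestTemplate : Response 200 OK
"""
SAMPLE_TKG = """\
2025-01-21T10:29:34.301-06:00 DEBUG 8 --- [svc] [nio-8080-exec-2] o.s.s.web.DefaultRedirectStrategy : Redirecting to https://app.example.com/oauth2/authorization/okta
2025-01-21T10:29:34.954-06:00 DEBUG 8 --- [svc] [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /login/oauth2/code/okta?code=CODE_B&state=STATE_B%3D
2025-01-21T10:29:34.955-06:00 DEBUG 8 --- [svc] [nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to /login?error
"""
# Thread name, logger, then the message after " : ".
LINE = re.compile(r"\[(?P<thread>[^\]\s]*exec-\d+)\]\s+\S+\s+:\s(?P<msg>.*)")

def _state(url):
    # Decoded "state" query parameter of a logged URL or path, or None.
    return parse_qs(urlsplit(url).query).get("state", [None])[0]

def classify_callbacks(log_text):
    issued = set()   # state values this instance sent to the authorize endpoint
    results = []     # one dict per callback request seen in the log
    open_cb = {}     # thread name -> callback still being processed
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"].strip()
        if msg.startswith("Redirecting to ") and "/authorize?" in msg:
            issued.add(_state(msg.split(" ", 2)[2]))
        elif msg.startswith("Securing GET /login/oauth2/code/"):
            st = _state(msg.split(" ", 2)[2])
            cb = {"state": st, "state_issued_here": st in issued,
                  "token_post": False, "outcome": "unknown"}
            open_cb[thread] = cb
            results.append(cb)
        elif thread in open_cb:
            cb = open_cb[thread]
            if msg.startswith("HTTP POST ") and msg.endswith("/token"):
                cb["token_post"] = True
            elif msg.startswith("Response 200"):
                open_cb.pop(thread)["outcome"] = "token_ok"
            elif msg.startswith("Redirecting to /login?error"):
                stage = "after" if cb["token_post"] else "before"
                open_cb.pop(thread)["outcome"] = f"failed_{stage}_token_call"
    return results
```

Spring Security looks up the saved authorization request in the HTTP session by `state` before it calls the token endpoint, so a `failed_before_token_call` result with `state_issued_here` false points at the session or instance that started the login rather than at the token request itself.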