OpenID configuration

Is there a way our service can start without connecting to https://dev-xxxxxx.okta.com/.well-known/openid-configuration? Our server will be running without internet access inside our network. If we enable internet on the server, start the server, and then turn off the internet, it works fine.

Hello,
Can you give more detail about what your service is? Is it a resource server with protected APIs that clients call?

If so, in theory there might be a few hacks you could do that would require modifying the server's resolvers to resolve your Org to an internal source that could host the contents of the .well-known endpoint, /keys endpoint, etc. These copies would need to mirror the content of the actual resources hosted on the Org server and stay in sync when the keys rotate. However, this is something you would need to set up yourself, or perhaps get consultation for.

If this is not a resource server but a web app that is part of the auth flow, then it must have internet access.
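The mirror described in the reply above, worked through as an added example (this is not code from the original thread, from Okta, or from the Spring SDK): it models the checks an internal copy of the discovery document and JWKS needs before a DNS override of the Org hostname can point the application at it. The org URL dev-000000.okta.com, the key IDs and the key material are constructed placeholders, and the discovery document is trimmed to its endpoint fields.

```python
"""Plan an internal mirror of an OIDC issuer's discovery and JWKS documents.

Added example, not code from the original thread or from Okta. It models the
checks the mirror described above would need: every endpoint URL in the
discovery document must live on the host being overridden in DNS, the
document's issuer must be the org we expect, and a refresh must notice key
rotation. All inputs are constructed samples; dev-000000.okta.com and the
key IDs are placeholders.
"""
import json
from pathlib import Path
from tempfile import TemporaryDirectory
from urllib.parse import urlparse

ISSUER = "https://dev-000000.okta.com"  # placeholder org URL (assumption)

# Constructed sample discovery document, trimmed to the endpoint fields.
SAMPLE_DISCOVERY = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/oauth2/v1/authorize",
    "token_endpoint": ISSUER + "/oauth2/v1/token",
    "userinfo_endpoint": ISSUER + "/oauth2/v1/userinfo",
    "jwks_uri": ISSUER + "/oauth2/v1/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
}

# Constructed sample JWKS before and after a rotation; moduli are dummies.
SAMPLE_JWKS_OLD = {"keys": [
    {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "kid-A", "n": "sample-A", "e": "AQAB"},
]}
SAMPLE_JWKS_NEW = {"keys": [
    {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "kid-A", "n": "sample-A", "e": "AQAB"},
    {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "kid-B", "n": "sample-B", "e": "AQAB"},
]}


def discovery_problems(discovery, issuer=ISSUER):
    """Return reasons this discovery document is unsafe or insufficient to mirror.

    A DNS override of the issuer host only helps if every https endpoint the
    client will follow is on that same host; anything elsewhere still needs
    egress. Mirroring a document whose issuer differs from our org would make
    the client trust tokens from the wrong issuer.
    """
    problems = []
    if discovery.get("issuer") != issuer:
        problems.append("issuer mismatch: %r" % discovery.get("issuer"))
    if not discovery.get("jwks_uri"):
        problems.append("jwks_uri missing; ID tokens could not be verified")
    issuer_host = urlparse(issuer).netloc
    for name, value in sorted(discovery.items()):
        if isinstance(value, str) and value.startswith("https://"):
            host = urlparse(value).netloc
            if host != issuer_host:
                problems.append("%s is on %s, not %s" % (name, host, issuer_host))
    return problems


def mirror_paths(discovery, jwks, issuer=ISSUER):
    """Map the URL paths the client requests to the exact bytes to serve."""
    problems = discovery_problems(discovery, issuer)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "/.well-known/openid-configuration": json.dumps(discovery, sort_keys=True).encode(),
        urlparse(discovery["jwks_uri"]).path: json.dumps(jwks, sort_keys=True).encode(),
    }


def rotation_delta(old_jwks, new_jwks):
    """(added kids, removed kids) between two JWKS snapshots; non-empty means re-sync."""
    old = {k["kid"] for k in old_jwks["keys"]}
    new = {k["kid"] for k in new_jwks["keys"]}
    return sorted(new - old), sorted(old - new)


def write_mirror(root, paths):
    """Write the planned documents under root, mirroring the URL path layout.

    Serve this tree over https under the issuer hostname; the JVM must trust
    the certificate the internal host presents for that name.
    """
    root = Path(root)
    written = []
    for url_path, body in paths.items():
        target = root / url_path.lstrip("/")
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)
        written.append(target.relative_to(root).as_posix())
    return sorted(written)


def demo_write():
    """Write the sample mirror into a scratch directory and return its file list."""
    with TemporaryDirectory() as scratch:
        return write_mirror(scratch, mirror_paths(SAMPLE_DISCOVERY, SAMPLE_JWKS_OLD))


if __name__ == "__main__":
    print("files:", demo_write())
    print("rotation:", rotation_delta(SAMPLE_JWKS_OLD, SAMPLE_JWKS_NEW))
```

Two caveats follow from the code rather than from anything in the thread. The mirror only replaces the startup discovery fetch and later JWKS refreshes; the client still reaches the issuer host over https, so the internal host has to present a certificate for that name that the JVM trusts, and the application must only ever see documents whose issuer and endpoint hosts pass `discovery_problems`. It does nothing for the authorization-code exchange itself, which is a back-channel POST from the server to `token_endpoint`, which is why the reply says a web app that takes part in the login flow still needs outbound access.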

Hi, I am currently using these properties in a Spring Boot application, which are downloaded using the internet. Our web application uses Okta for authentication and the server has no internet access.

spring.security.oauth2.client.registration.okta.client-id=xxxxxxxxxx
spring.security.oauth2.client.registration.okta.client-secret=xxxxxxxxxxxxxxxxxxxxxxxxxxx
spring.security.oauth2.client.registration.okta.client-name=Access
spring.security.oauth2.client.registration.okta.provider=okta
spring.security.oauth2.client.provider.okta.issuer-uri=https://dev-xxxxxxx.okta.com
spring.security.oauth2.client.registration.okta.scope=openid,profile,email,address,phone
spring.security.oauth2.client.registration.okta.client-authentication-method=basic
spring.security.oauth2.client.registration.okta.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.okta.redirect-uri=https://dev-xxxxxxx.okta.com/oauth2/code/okta
spring.security.oauth2.client.provider.okta.authorization-uri=https://dev-xxxxxxx.okta.com/oauth2/v1/authorize
spring.security.oauth2.client.provider.okta.token-uri=https://dev-xxxxxxx.okta.com/oauth2/v1/token
spring.security.oauth2.client.provider.okta.user-info-uri=https://dev-xxxxxxx.okta.com/oauth2/v1/userinfo
spring.security.oauth2.client.provider.okta.jwk-set-uri=https://dev-xxxxxxx.okta.com/oauth2/v1/keys
spring.security.oauth2.client.provider.okta.userNameAttribute=email

@venumath If you turn off your Internet and try to open this URL https://dev-xxxxxx.okta.com/.well-known/openid-configuration on your local machine, what error/warning do you receive?

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for “https://dev-removed.okta.com/.well-known/openid-configuration”: dev-removed.okta.com; nested exception is java.net.UnknownHostException: dev-removed.okta.com
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:740) ~[spring-web-5.1.19.RELEASE.jar:5.1.19.RELEASE]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:666) ~[spring-web-5.1.19.RELEASE.jar:5.1.19.RELEASE]
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:307) ~[spring-web-5.1.19.RELEASE.jar:5.1.19.RELEASE]
at org.springframework.security.oauth2.client.registration.ClientRegistrations.getOpenidConfiguration(ClientRegistrations.java:106) ~[spring-security-oauth2-client-5.1.13.RELEASE.jar:5.1.13.RELEASE]
… 167 common frames omitted
Caused by: java.net.UnknownHostException: dev-removed.okta.com

@venumath I do not think that is doable, or that pre-saving the metadata to the local machine would help. You can post the issue on the Okta Spring Boot SDK to double-check.
