This project demonstrates securing a Spring Boot application with Okta SSO (Single Sign-On).

- You need an account on Okta. (How to create an account on Okta?)
- Register our spring-boot-app on Okta. Make sure to configure the login redirect URI `http://localhost:8080/login/oauth2/code/okta` in Okta, under Login redirect URIs.
- Make sure you have all the dependencies from `pom.xml`.
- Add `@EnableOAuth2Client` on the main class, `OktaSSOApplication.class`.
- Fetch the required user profile from Okta and create a custom `user` object to return. This is implemented in `UserServiceImpl.class`.
We need to log out from two contexts:

- the Spring Security context
- the Okta context

- To log out from the Spring Security context, add `WebSecurityConfig.class` in the `config` package.
- To log out from the Okta context, add the `okta.oauth2.postLogoutRedirectUri=http://localhost:8080/login/oauth2/code/okta` property in the app config. (Make sure to configure the same redirect URI on Okta under Logout redirect URIs.)
- After adding the above steps, hit the `/logout` endpoint directly; this doesn't need any extra config.
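The two-context logout described above, written out as a Spring Security configuration. This is an added example, not the project's own `WebSecurityConfig.class`; it assumes Spring Security 5.2 or later with `WebSecurityConfigurerAdapter`, a client registration supplied by the Okta Spring Boot starter, and a hypothetical package name.

```java
package com.example.oktasso.config; // hypothetical; the README only names a "config" package

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;

/**
 * Logs the user out of both contexts the README lists: the local Spring Security
 * session and the Okta (OpenID Connect provider) session, via RP-initiated logout.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Built by the Okta Spring Boot starter from the okta.oauth2.* properties.
    private final ClientRegistrationRepository clientRegistrationRepository;

    public WebSecurityConfig(ClientRegistrationRepository clientRegistrationRepository) {
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authz -> authz.anyRequest().authenticated())
            .oauth2Login()
            .and()
            .logout(logout -> logout
                .logoutUrl("/logout")
                // Spring Security context: drop the Authentication, the HTTP session and its cookie.
                .clearAuthentication(true)
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                // Okta context: redirect to Okta's end_session_endpoint with the id_token_hint.
                .logoutSuccessHandler(oidcLogoutSuccessHandler()));
        // CSRF protection stays enabled, so /logout must be a POST carrying the CSRF token;
        // a plain GET /logout only renders Spring's logout confirmation page and ends nothing.
    }

    private OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() {
        OidcClientInitiatedLogoutSuccessHandler handler =
                new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
        // Where Okta sends the browser once its session is cleared. This value must also be
        // registered under "Logout redirect URIs" in the Okta application settings.
        handler.setPostLogoutRedirectUri("http://localhost:8080/");
        return handler;
    }
}
```

Setting `okta.oauth2.post-logout-redirect-uri` in the application config, as the README does, makes the Okta starter apply the same handler for you; the explicit version shows which two steps actually end which session.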
For story lovers

This is a special scenario, because the Okta SDK does not provide any functionality to log out for now. Ideally, just hitting the `/logout` endpoint will log out the session by Spring Security (but the Okta session is still maintained). But I faced an issue here: Spring Security displays the successful logout page, but actually it doesn't log out and still maintains the session. This can be tested by removing the `okta.oauth2.post-logout-redirect-uri=http://localhost:8080/` property from the application config and hitting the `/logout` endpoint.