In this tutorial we will implement SSO using Okta and OAuth 2.0.
SSO (Single Sign-On) lets a user who has signed in once to one product of an application use the other products without signing in again. For example, once you are logged in to Gmail you do not have to log in again to use YouTube.
Let's build a demo. We will create one application and run it on two different ports, 8080 and 8081; assume 8080 is Gmail and 8081 is YouTube. After logging in to one of them we should be able to access the other without logging in again.
First, create the application that will run at http://localhost:8080.
Create a Spring Boot project from Spring Initializr with the following dependencies:
- Spring Security
- Okta
- Web
P.S.: Change the version of the Okta starter to another version, such as 0.6.0; otherwise it will not work because of a dependency conflict.
Along with the above, add the following dependency manually, as it is not available in Spring Initializr. It is required for the @EnableOAuth2Sso annotation:

```xml
<dependency>
    <groupId>org.springframework.security.oauth.boot</groupId>
    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
    <version>2.1.5.RELEASE</version>
</dependency>
```
In the main application class add the @EnableOAuth2Sso annotation:

```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

@SpringBootApplication
@EnableOAuth2Sso // every request to this application now requires an Okta login
public class OktaSsoApplication {

    public static void main(String[] args) {
        SpringApplication.run(OktaSsoApplication.class, args);
    }
}
```
Create a normal controller class:

```java
import java.security.Principal;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyController {

    // Principal is populated from the Okta login, so the name comes from the ID token
    @GetMapping("/")
    public String greetUser(Principal principal) {
        return "Hi " + principal.getName() + " welcome from Okta-SSO application";
    }

    @GetMapping("/demo")
    public String demo(Principal principal) {
        return "This is a message from /demo url";
    }
}
```
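With the annotation on the application class, every URL is behind the Okta login. If you want the SSO filter applied only where it is needed, the annotation can sit on a WebSecurityConfigurerAdapter instead. The configuration below is an added example, not part of the original project: it assumes @EnableOAuth2Sso has been removed from OktaSsoApplication (the annotation must appear only once), leaves /demo reachable without a session because that endpoint does not use the principal, requires an Okta login for everything else, and adds a logout endpoint. The class name SsoSecurityConfig is my own.

```java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical configuration class; @EnableOAuth2Sso is moved here from OktaSsoApplication
// so that the SSO filter is attached to exactly the rules defined in configure().
@Configuration
@EnableOAuth2Sso
public class SsoSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .antMatcher("/**")
            .authorizeRequests()
                // /demo does not read the principal, so it can be served without a session
                .antMatchers("/demo").permitAll()
                // everything else (including "/", which greets the user by name) needs an Okta login
                .anyRequest().authenticated()
            .and()
            // POST /logout (CSRF protection stays on) clears the local session, then lands on /demo
            .logout()
                .logoutSuccessUrl("/demo").permitAll();
    }
}
```

Note that this logout only ends the application's own session on port 8080 or 8081. The Okta session cookie on the Okta domain is untouched, so the next request to a protected URL will redirect to Okta and complete the login silently; that is the same behaviour that makes the second application work without a prompt.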
Add the following values to application.properties (I will show you below where to get them). The client secret is a credential: it should not be committed to version control with the rest of the project, and the value shown here is only the one from the demo tenant.

```properties
okta.oauth2.issuer=https://dev-718287.okta.com/oauth2/default
okta.oauth2.clientId=0oa5lk86rkYbbUY9m4x7
okta.oauth2.clientSecret=z7NsYctREIYOqfHAeImPq6bsh4WI3kIr7TAeVjp3
```
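As an added example that is not part of the original project, the same file can keep the non-secret settings and pull the secret from an environment variable through Spring's property placeholder syntax; the variable name OKTA_CLIENT_SECRET is my own choice:

```properties
# Issuer and client ID are not secret and can stay in the file
okta.oauth2.issuer=https://dev-718287.okta.com/oauth2/default
okta.oauth2.clientId=0oa5lk86rkYbbUY9m4x7
# Resolved from the environment at startup, so the file carries no credential
okta.oauth2.clientSecret=${OKTA_CLIENT_SECRET}
```

Set OKTA_CLIENT_SECRET in the shell before starting the application, or in the Environment tab of the same Run Configurations dialog used later for the port setting. If the variable is missing, Spring Boot fails at startup with an unresolved placeholder error rather than starting with an empty secret.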
Sign up for an Okta account, or log in if you already have one:
(It seems Okta has changed its policy: you can no longer get a developer account with a free Gmail address, you need a company e-mail address.)
Go to Applications -> Create App Integration
Choose OIDC - OpenID Connect and Web Application:
Give it a name.
For Client ID and Client Secret:
Sign-in redirect URIs:
http://localhost:8080/login
For the time being, grant access to everyone:
For the Issuer, go to:
Security -> API -> Authorization Servers
Start the application. You should see a line like the one below in the log; if you do not, the Okta setup may not be working properly:

```
Using generated security password: 45a1df1f-e9a3-4bec-ac4f-3e224408d7ea
```

Open a new Incognito window and go to http://localhost:8080. You will be redirected to the Okta login page shown below. Enter the same credentials you use to log in to Okta. After a successful login you can navigate to any URL of the application.
Now let's set up the second application, http://localhost:8081:
Right-click the project -> Run As -> Run Configurations
Add this VM argument: -Dserver.port=8081
Apply and Run.
The same code is now also running at http://localhost:8081; we will treat this as the second application.
Add these two URIs in the respective places of the Okta app integration:
http://localhost:8081/login
http://localhost:8081
Now, in a new Incognito window, open any URL of one application and log in. Then open another new Incognito window and access the other application: it will not ask you to log in again.
That's it!
GitHub URL of the above project:
https://github.com/heapsteep/Okta-SSO.git