Do you want to learn how to add Okta authentication to your Java application without writing code? In this step-by-step tutorial, you will learn how to integrate a Java application with Okta using Datawiza to implement OIDC/OAuth SSO authentication in 5 mins.
The benefits of using Datawiza
- No need to learn complex OIDC/OAuth or SAML protocols
- No need to manage refresh tokens, access tokens or ID tokens
- No need to manage user sessions
- No need to use SDKs, call APIs or write code
- Reduce weeks of engineering work to hours, even minutes
- Avoid security vulnerabilities with a No-Code product developed by security experts
Ready to see how easy it is? Let’s get started!
- For creating the Java app:
- For running Datawiza:
Run a Java web application
We use the sample offered in Spring.io official Building an Application with Spring Boot as the example in this section. The application running at port 8080 simply returns “Greetings from Spring Boot!”
Introduction to the Datawiza Platform
The Datawiza Platform is a cloud-delivered platform. It includes a data plane and a control plane: Datawiza Access Broker (DAB) and Datawiza Cloud Management Console (DCMC).
DAB is a lightweight, container-based access proxy deployed close to your application via the sidecar (agent) or gateway mode. It talks to Okta on behalf of your applications, so you don’t need to worry about the integration work. DCMC is a cloud-based management console where you can configure and manage the policies of DABs. Such a SaaS-based design makes the whole platform much easier to use.
Step 1: Create an app integration in Okta
You can skip this step if you already have an app integration with the following values: Okta Org, Client ID, and Client Secret.
1. Create an app integration after you log in to Okta.
2. Choose OIDC-OpenID Connect as Sign-in method and Web Application as Application type, then click Next.
3. Fill out the form and give your app integration a descriptive name (e.g., Okta application demo). Follow the steps below:
- Base URIs: e.g., http://localhost:9772
- Login redirect URIs: e.g., http://localhost:9772/authorization-code/callback
- Logout redirect URIs: e.g., http://localhost:9772
- Others remain default settings
- Then click Save
On the general information settings page, make a copy of the Client ID and Client secret under the Client Credentials section. You will need these two values later to set up the connection.
In the upper-right corner, locate the organization URL, which takes the form of https://your_domain.okta.com. Save this URL as Okta Org.
Confirm that members are linked to the right applications. If not, choose Assign Applications to manually add them.
You have now registered a web application on Okta. Next, we will create a simple configuration in the DCMC.
Step 2: Configurations in Datawiza Cloud Management Console
Log in to the Datawiza Cloud Management Console (DCMC). If you do not have a DCMC account, you can create one by email from the DCMC login page. Also, we provide social login and SSO functionality with Microsoft, GitHub, and Google to simplify logins for you.
The Get started function will guide you through the configuration. After logging in to the DCMC, click on the yellow “Get started” button and follow the steps.
Enter some basic information, such as the deployment name and description:
Now Add an Application:
Configure your application with the following values:
- Platform: Web
- App Name: Demo App
- Public Domain: http://localhost:9772
- Listen Port: 9772
- Upstream Servers: http://host.docker.internal:8080
Note that Upstream Servers is the address of the Java web application.
- If you use Mac or Windows, then set the Upstream Servers to http://host.docker.internal:8080 (requires Docker 18.03+).
- If you use Linux, use ip addr show docker0 to get the docker host IP (e.g., 172.17.0.1) and then set Upstream Servers to http://172.17.0.1:8080 (see this for more details).
Next, Configure the IdP:
Select OIDC as the Protocol and Okta as the Identity Provider. Input the Okta Org, Client ID, and the Client Secret you saved when creating the app integration in Okta. Then click Create.
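A consistency check over the values entered in Steps 1 and 2, as an added example that is not part of the original tutorial or of Datawiza's code. The dictionary keys, the function names and the rule that the callback lives at the Public Domain plus /authorization-code/callback are assumptions drawn from the tutorial's example values.

```python
from urllib.parse import urlsplit

# Assumption: DAB serves the OIDC callback at <Public Domain> + this path,
# as the tutorial's example values suggest.
CALLBACK_PATH = "/authorization-code/callback"
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) so URLs can be compared by origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def check_settings(okta, dcmc):
    """Return a list of findings; an empty list means the values line up."""
    findings = []
    public = origin(dcmc["public_domain"])
    login = urlsplit(okta["login_redirect_uri"])

    if origin(okta["login_redirect_uri"]) != public or login.path != CALLBACK_PATH:
        findings.append("login redirect URI is not <Public Domain>" + CALLBACK_PATH)
    if login.fragment:
        findings.append("login redirect URI carries a fragment")
    if origin(okta["logout_redirect_uri"]) != public:
        findings.append("logout redirect URI is on a different origin than Public Domain")
    # Plain HTTP exposes the authorization code and session cookie in transit.
    if public[0] != "https" and public[1] not in LOOPBACK_HOSTS:
        findings.append("Public Domain uses plain HTTP on a non-loopback host")
    org = origin(okta["okta_org"])
    if org[0] != "https" or not org[1]:
        findings.append("Okta Org is not an https:// URL")
    return findings


# Constructed sample: the values used in this tutorial.
TUTORIAL_OKTA = {
    "okta_org": "https://your_domain.okta.com",
    "login_redirect_uri": "http://localhost:9772/authorization-code/callback",
    "logout_redirect_uri": "http://localhost:9772",
}
TUTORIAL_DCMC = {"public_domain": "http://localhost:9772"}

if __name__ == "__main__":
    for finding in check_settings(TUTORIAL_OKTA, TUTORIAL_DCMC) or ["no findings"]:
        print(finding)
```

The tutorial's localhost values pass; the same settings moved to a real hostname over http:// are flagged.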
In the last step, we will provide the command lines to pull the DAB image and the docker-compose file to run the DAB.
Execute the command lines in steps 1 & 2 and note down the docker-compose file in step 3.
Step 3: Run DAB as a sidecar (agent) to your application
After finishing the configuration in DCMC, you can run the DAB with the YAML file noted in the previous step. The docker-compose YAML file, named datawiza-access-broker.yaml, should then appear like this:
version: '3'
services:
  datawiza-access-broker:
    image: registry.gitlab.com/datawiza/access-broker
    container_name: datawiza-access-broker
    restart: always
    ports:
      - "9772:9772"
    environment:
      PROVISIONING_KEY: #############################
      PROVISIONING_SECRET: #############################
Now, we can use docker-compose to create and start the DAB:
docker-compose -f datawiza-access-broker.yaml up -d
That’s it. After executing the command above, the Java web application should have SSO enabled with Okta.
Now, let’s give it a try.
Open a browser and type in http://localhost:9772. You should see the Okta login page as follows:
After logging in to Okta, the Java web application will be shown.
Congratulations! You secured a Java web application by adding Okta authentication using Datawiza — in minutes instead of weeks or months. This is only a small sampling of what Datawiza can do. See Datawiza’s online docs or official website for much more information. You can also get a free trial by signing up here!