{"id":499,"date":"2020-11-22T17:28:02","date_gmt":"2020-11-22T17:28:02","guid":{"rendered":"http:\/\/www.canchito-dev.com\/public\/blog\/?p=499"},"modified":"2021-05-02T13:34:50","modified_gmt":"2021-05-02T13:34:50","slug":"spring-security-with-saml2-and-okta","status":"publish","type":"post","link":"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/","title":{"rendered":"Spring Security with SAML2 and Okta"},"content":{"rendered":"<h1>Spring Security with SAML2 and Okta<\/h1>\n<div class=\"perfect-pullquote vcard pullquote-align-full pullquote-border-placement-left\"><blockquote><p><\/p>\n<p>Greetings! In this post, we will show you how to build a Spring Boot application that uses Okta as the platform for authentication via SAML (Security Assertion Markup Language). Ready to get started?<\/p>\n<p><\/p><\/blockquote><\/div>\n<h2>What you\u2019ll need<\/h2>\n<ul>\n<li style=\"text-align: justify;\">About 40 minutes<\/li>\n<li style=\"text-align: justify;\">A favorite IDE. In this post, we use <a href=\"https:\/\/www.jetbrains.com\/idea\/download\/index.html\">IntelliJ Community<\/a><\/li>\n<li style=\"text-align: justify;\"><a href=\"http:\/\/www.oracle.com\/technetwork\/java\/javase\/downloads\/index.html\">JDK 11<\/a> or later. It can be made to work with JDK 8, but it will need configuration tweaks. Please check the Spring Boot documentation<\/li>\n<\/ul>\n<h2>Sign Up for an Okta Developer Account<\/h2>\n<p>Signing up for an Okta Developer Account is very simple and straightforward. 
Go to <a href=\"https:\/\/developer.okta.com\">https:\/\/developer.okta.com<\/a>, and fill in the required information.<\/p>\n<p>When you&#8217;re done, you\u2019ll receive an email requesting you to activate your account and change your temporary password. After completing these steps, you\u2019ll land on your dashboard with some annotations about \u201capps\u201d.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"512\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-developer-console\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-developer-console.png\" data-orig-size=\"1019,946\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer console\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer console&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-developer-console.png\" class=\"aligncenter wp-image-512 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-developer-console.png\" alt=\"CANCHITO-DEV: Okta developer console\" width=\"1019\" height=\"946\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-developer-console.png 1019w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-developer-console-300x279.png 300w, 
http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-developer-console-768x713.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-developer-console-624x579.png 624w\" sizes=\"auto, (max-width: 1019px) 100vw, 1019px\" \/><\/p>\n<p style=\"text-align: justify;\">Within the activation mail, you will get your Okta URL. Make sure you take a screenshot or write it down, as you\u2019ll need this URL to get back to the Okta user interface.<\/p>\n<h2>Create a SAML Application on Okta<\/h2>\n<p style=\"text-align: justify;\">After activating your account, log in to it. If you just created an account, you\u2019ll see a screen similar to the one above.<\/p>\n<p style=\"text-align: justify;\">The first thing we are going to do is change to the Classic UI. Click on <strong>&lt;&gt; Developer Console<\/strong>\u00a0in the top-left corner and switch to the Classic UI. If you see a screen like the following, you\u2019re good to go!<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"511\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-classic-ui\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-classic-ui.png\" data-orig-size=\"1014,909\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer Classic UI\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer Classic UI&lt;\/p&gt;\n\" 
data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-classic-ui.png\" class=\"aligncenter wp-image-511 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-classic-ui.png\" alt=\"CANCHITO-DEV: Okta developer Classic UI\" width=\"1014\" height=\"909\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-classic-ui.png 1014w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-classic-ui-300x269.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-classic-ui-768x688.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-classic-ui-624x559.png 624w\" sizes=\"auto, (max-width: 1014px) 100vw, 1014px\" \/><\/p>\n<p style=\"text-align: justify;\">Click <strong>Add Applications<\/strong> in the top right to continue. This will bring you to a screen with a list of applications. 
Here, click on <strong>Create New App<\/strong>\u00a0green button on the left.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"506\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-add-application\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-add-application.png\" data-orig-size=\"1016,949\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer add application\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer add application&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-add-application.png\" class=\"aligncenter wp-image-506 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-add-application.png\" alt=\"CANCHITO-DEV: Okta developer add application\" width=\"1016\" height=\"949\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-add-application.png 1016w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-add-application-300x280.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-add-application-768x717.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-add-application-624x583.png 624w\" sizes=\"auto, (max-width: 1016px) 
100vw, 1016px\" \/><\/p>\n<p style=\"text-align: justify;\">After clicking it, a popup window with the title <em>&#8220;Create a New Application Integration&#8221;<\/em> will be shown. Select <em><strong>Web<\/strong><\/em> as platform and <em><strong>SAML 2.0<\/strong><\/em>\u00a0as sign on method. Just as shown in the image below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"507\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-application-integration-web-saml2\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-application-integration-web-saml2.png\" data-orig-size=\"701,395\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer application integration web SAML2\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer application integration web SAML2&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-application-integration-web-saml2.png\" class=\"aligncenter wp-image-507 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-application-integration-web-saml2.png\" alt=\"CANCHITO-DEV: Okta developer application integration web SAML2\" width=\"701\" height=\"395\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-application-integration-web-saml2.png 701w, 
http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-application-integration-web-saml2-300x169.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-application-integration-web-saml2-624x352.png 624w\" sizes=\"auto, (max-width: 701px) 100vw, 701px\" \/><\/p>\n<p style=\"text-align: justify;\">Once you reach the next screen, you will be prompted for an application name. In this case, we have used <em>&#8220;spring-saml&#8221;<\/em>. You can leave everything else as it is. Click on <strong>Next<\/strong>\u00a0green button to continue.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"516\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-saml-integration-general-settings\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-general-settings.png\" data-orig-size=\"1016,893\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer SAML integration general settings\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer SAML integration general settings&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-general-settings.png\" class=\"aligncenter wp-image-516 size-full\" 
src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-general-settings.png\" alt=\"CANCHITO-DEV: Okta developer SAML integration general settings\" width=\"1016\" height=\"893\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-general-settings.png 1016w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-general-settings-300x264.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-general-settings-768x675.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-general-settings-624x548.png 624w\" sizes=\"auto, (max-width: 1016px) 100vw, 1016px\" \/><\/p>\n<p style=\"text-align: justify;\">Now you have reached the second step, configuring SAML. Enter the following values:<\/p>\n<ul>\n<li style=\"text-align: justify;\">Single sign on URL: <code>`https:\/\/localhost:8443\/spring-saml\/login\/saml2\/sso\/okta`<\/code><\/li>\n<li style=\"text-align: justify;\">Audience URI (SP Entity Id): <code>`https:\/\/localhost:8443\/spring-saml\/saml2\/service-provider-metadata\/okta`<\/code><\/li>\n<li style=\"text-align: justify;\">Use this for Recipient URL and Destination URL: Make sure it is checked.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"517\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-saml-integration-saml-settings\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-saml-settings.png\" data-orig-size=\"1019,885\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer SAML integration settings\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer SAML integration settings&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-saml-settings.png\" class=\"aligncenter wp-image-517 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-saml-settings.png\" alt=\"CANCHITO-DEV: Okta developer SAML integration settings\" width=\"1019\" height=\"885\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-saml-settings.png 1019w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-saml-settings-300x261.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-saml-settings-768x667.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-saml-settings-624x542.png 624w\" sizes=\"auto, (max-width: 1019px) 100vw, 1019px\" \/><\/p>\n<p style=\"text-align: justify;\">Scroll to the bottom of the form and click <strong>Next<\/strong>. This will bring you to the last step, feedback. 
Choose <em><strong>\u201cI\u2019m an Okta customer adding an internal app\u201d<\/strong><\/em> and check <em><strong>&#8220;This is an internal app that we have created&#8221;<\/strong><\/em>\u00a0App type.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"515\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-saml-integration-configure-application\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-configure-application.png\" data-orig-size=\"1018,742\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer SAML configure application\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer SAML configure application&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-configure-application.png\" class=\"aligncenter wp-image-515 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-configure-application.png\" alt=\"CANCHITO-DEV: Okta developer SAML configure application\" width=\"1018\" height=\"742\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-configure-application.png 1018w, 
http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-configure-application-300x219.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-configure-application-768x560.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-integration-configure-application-624x455.png 624w\" sizes=\"auto, (max-width: 1018px) 100vw, 1018px\" \/><\/p>\n<p style=\"text-align: justify;\">Click the <strong>Finish<\/strong>\u00a0button to continue. This will bring you to the application\u2019s <em>\u201cSign On\u201d<\/em> tab, which has a section with a link to your application\u2019s metadata in a yellow box. Click on <strong>View Setup Instructions<\/strong>. A new tab will open. Do not close it, as you will need this information to configure your Spring Boot application.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"518\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-saml-sign-on-methods\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-sign-on-methods.png\" data-orig-size=\"1019,801\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer SAML sign in methods\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer SAML sign in methods&lt;\/p&gt;\n\" 
data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-sign-on-methods.png\" class=\"aligncenter wp-image-518 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-sign-on-methods.png\" alt=\"CANCHITO-DEV: Okta developer SAML sign in methods\" width=\"1019\" height=\"801\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-sign-on-methods.png 1019w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-sign-on-methods-300x236.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-sign-on-methods-768x604.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-saml-sign-on-methods-624x491.png 624w\" sizes=\"auto, (max-width: 1019px) 100vw, 1019px\" \/><\/p>\n<p style=\"text-align: justify;\">The final setup step you\u2019ll need to do, is assigning people to the application. 
Click on the <strong>Assignments<\/strong> tab and the <strong>Assign<\/strong> &gt; <strong>Assign to People<\/strong>\u00a0button.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"509\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-assignments\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assignments.png\" data-orig-size=\"1015,877\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer assignments\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer assignments&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assignments.png\" class=\"aligncenter wp-image-509 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assignments.png\" alt=\"CANCHITO-DEV: Okta developer assignments\" width=\"1015\" height=\"877\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assignments.png 1015w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assignments-300x259.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assignments-768x664.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assignments-624x539.png 624w\" sizes=\"auto, 
(max-width: 1015px) 100vw, 1015px\" \/><\/p>\n<p style=\"text-align: justify;\">You\u2019ll see a list of people with your account in it. Click the <strong>Assign<\/strong> button, accept the default username (your email), and click the <strong>Done<\/strong>\u00a0button.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"510\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-assign-people\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assign-people.png\" data-orig-size=\"709,599\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer assign people\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer assign people&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assign-people.png\" class=\"aligncenter wp-image-510 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assign-people.png\" alt=\"CANCHITO-DEV: Okta developer assign people\" width=\"709\" height=\"599\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assign-people.png 709w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assign-people-300x253.png 300w, 
http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-assign-people-624x527.png 624w\" sizes=\"auto, (max-width: 709px) 100vw, 709px\" \/><\/p>\n<h2>Create a Spring Boot Application with SAML Authentication<\/h2>\n<p style=\"text-align: justify;\">For all Spring Boot applications, it is always a good idea to start with the <a href=\"https:\/\/start.spring.io\/\">Spring Initializr<\/a>. The Initializr is an excellent option for pulling in all the dependencies you need for an application and does a lot of the setup for you. This example needs only the <em>Spring Web<\/em>,<em> Spring Security<\/em>, <em>Spring Boot DevTools<\/em> and <em>Thymeleaf<\/em> dependencies.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"521\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/spring-initializr\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr.png\" data-orig-size=\"1657,935\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Spring Initializr\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Spring Initializr&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr-1024x578.png\" class=\"aligncenter wp-image-521 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr.png\" alt=\"CANCHITO-DEV: Spring Initializr\" width=\"1657\" 
height=\"935\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr.png 1657w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr-300x169.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr-1024x578.png 1024w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr-768x433.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr-1536x867.png 1536w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/spring-initializr-624x352.png 624w\" sizes=\"auto, (max-width: 1657px) 100vw, 1657px\" \/><\/p>\n<p style=\"text-align: justify;\">Click <strong>Generate Project<\/strong>, download the generated ZIP file and open it in your favorite editor.<\/p>\n<p style=\"text-align: justify;\">SAML 2.0 service provider support resides in <code>`spring-security-saml2-service-provider`<\/code>. It builds on the OpenSAML library. By default, this SAML 2.0 dependency is not included, so the first thing we need to do is include it.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"xml\">&lt;dependency&gt;  \r\n  &lt;groupId&gt;org.springframework.security&lt;\/groupId&gt;  \r\n  &lt;artifactId&gt;spring-security-saml2-service-provider&lt;\/artifactId&gt;  \r\n  &lt;version&gt;5.4.1&lt;\/version&gt;  \r\n&lt;\/dependency&gt;<\/pre>\n<p style=\"text-align: justify;\">SAML authentication in Spring Security can be configured to work with HTTP, but you will need to configure a reverse proxy server such as NGINX. 
To avoid this, we will enable SSL and HTTPS support on our Spring Boot application by adding the following properties to our <code>`application.yml`<\/code>:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\">server:  \r\n  port: 8443  \r\n  servlet:  \r\n    context-path: \/spring-saml  \r\n  ssl:  \r\n    enabled: true  \r\n    key-alias: spring  \r\n    key-store: \"classpath:saml\/keystore.jks\"  \r\n    key-store-password: secret<\/pre>\n<p style=\"text-align: justify;\">Notice that the configuration points to a <code>`keystore.jks`<\/code> file, which we now need to create. From a terminal window, navigate to the <code>`src\/main\/resources`<\/code> directory of your app and create a <code>`saml`<\/code> directory. Navigate into the directory and run the following command. Use \u201csecret\u201d when prompted for a keystore password.<\/p>\n<p><code>keytool -genkey -v -keystore keystore.jks -alias spring -keyalg RSA -keysize 2048 -validity 10000<\/code><\/p>\n<p style=\"text-align: justify;\">The values for the rest of the questions don\u2019t matter since you\u2019re not generating a real certificate. However, you will need to answer \u201cyes\u201d to the following question.<\/p>\n<p><code>Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?<\/code><br \/>\n<code>[no]:<\/code><\/p>\n<p style=\"text-align: justify;\">So far, we have only configured our application to use HTTPS. It is time to add the required configuration so that we can use Okta for user authentication. 
Add the following properties to the <code>`application.yml`<\/code> file:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"yaml\">spring:  \r\n  security:  \r\n    saml2:  \r\n      relyingparty:  \r\n        registration:  \r\n          okta:  \r\n            identityprovider:  \r\n              entity-id: YOUR-ENTITY-ID-URL\r\n              verification.credentials:  \r\n                - certificate-location: \"classpath:saml\/okta.cert\"  \r\n              singlesignon.url: YOUR-SSO-URL  \r\n              singlesignon.sign-request: false<\/pre>\n<p>Notice that there is some information you need from Okta. Do not worry, it is very easy to get. Remember the <strong>View Setup Instructions<\/strong>\u00a0tab that opened a few steps back? Go back to it, and collect the information from there. Follow the instructions in the image below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"514\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-developer-howto-configure-saml2-for-application\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-howto-configure-saml2-for-application.png\" data-orig-size=\"960,938\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta developer howto configure SAML2 for your application\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta developer howto configure SAML2 for your application&lt;\/p&gt;\n\" 
data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-howto-configure-saml2-for-application.png\" class=\"aligncenter wp-image-514 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-howto-configure-saml2-for-application.png\" alt=\"CANCHITO-DEV: Okta developer howto configure SAML2 for your application\" width=\"960\" height=\"938\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-howto-configure-saml2-for-application.png 960w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-howto-configure-saml2-for-application-300x293.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-howto-configure-saml2-for-application-768x750.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-howto-configure-saml2-for-application-624x610.png 624w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-developer-howto-configure-saml2-for-application-60x60.png 60w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><\/p>\n<p style=\"text-align: justify;\">Let&#8217;s now create a <code>SecurityConfiguration.java<\/code> file in the <code>com.canchitodev.samldemo.configuration<\/code> package.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"java\">package com.canchitodev.samldemo.configuration;  \r\n  \r\nimport org.opensaml.saml.saml2.core.Assertion;  \r\nimport org.springframework.context.annotation.Bean;  \r\nimport org.springframework.context.annotation.Configuration;  \r\nimport org.springframework.security.authentication.ProviderManager;  \r\nimport org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;  \r\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;  \r\nimport 
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  \r\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  \r\nimport org.springframework.security.core.userdetails.User;  \r\nimport org.springframework.security.core.userdetails.UserDetails;  \r\nimport org.springframework.security.core.userdetails.UserDetailsService;  \r\nimport org.springframework.security.provisioning.InMemoryUserDetailsManager;  \r\nimport org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider;  \r\nimport org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;  \r\n  \r\n@EnableWebSecurity  \r\n@Configuration  \r\n@EnableGlobalMethodSecurity(securedEnabled = true)  \r\npublic class SecurityConfiguration extends WebSecurityConfigurerAdapter {\r\n  \r\n  @Bean  \r\n  public UserDetailsService inMemoryUserDetailsManager() {  \r\n    \/\/ The builder will ensure the passwords are encoded before saving in memory  \r\n    User.UserBuilder users = User.withDefaultPasswordEncoder();  \r\n    UserDetails user = users  \r\n      .username(\"YOUR_OKTA_USER\")  \r\n      .password(\"YOUR_OKTA_USER_PWD\")  \r\n      .roles(\"USER\", \"ADMIN\")  \r\n      .build();  \r\n    return new InMemoryUserDetailsManager(user);  \r\n  }  \r\n\r\n  @Override  \r\n  protected void configure(HttpSecurity http) throws Exception {  \r\n    OpenSamlAuthenticationProvider authenticationProvider = new OpenSamlAuthenticationProvider();  \r\n    authenticationProvider.setResponseAuthenticationConverter(responseToken -&gt; {  \r\n      Saml2Authentication authentication = OpenSamlAuthenticationProvider  \r\n        .createDefaultResponseAuthenticationConverter()  \r\n        .convert(responseToken);  \r\n      Assertion assertion = responseToken.getResponse().getAssertions().get(0);  \r\n      String username = assertion.getSubject().getNameID().getValue();  \r\n      
UserDetails userDetails = inMemoryUserDetailsManager().loadUserByUsername(username);  \r\n      authentication.setDetails(userDetails);  \r\n      return authentication;  \r\n    });  \r\n\r\n    http  \r\n      .authorizeRequests(authorize -&gt; authorize  \r\n        .anyRequest().authenticated()  \r\n      )  \r\n      .saml2Login(saml2 -&gt; saml2  \r\n        .authenticationManager(new ProviderManager(authenticationProvider))  \r\n      );  \r\n  }  \r\n}<\/pre>\n<p style=\"text-align: justify;\">Notice that we have created an <code>InMemoryUserDetailsManager<\/code>, which implements <code>UserDetailsService<\/code> and provides username\/password based authentication backed by user details held in memory.<\/p>\n<p style=\"text-align: justify;\">We do this to show what you could do if you needed to implement a custom authentication manager that includes user details from a &#8220;legacy&#8221; <code>UserDetailsService<\/code>. You would want to use this &#8220;legacy&#8221; service in situations in which you just want to authenticate the user, but use the permissions and privileges specified by the legacy system. Note that <code>setDetails<\/code> only attaches the <code>UserDetails<\/code> object to the authentication; the granted authorities remain those produced by the default converter.<\/p>\n<p style=\"text-align: justify;\">If you do not need this, or you want to configure the permissions and privileges in Okta, change the <code>configure<\/code> method to the following:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"java\">\/\/ Requires: import static org.springframework.security.config.Customizer.withDefaults;\r\n@Override\r\nprotected void configure(HttpSecurity http) throws Exception {\r\n  http\r\n    .authorizeRequests(authorize -&gt; authorize\r\n      .anyRequest().authenticated()\r\n    )\r\n    .saml2Login(withDefaults());\r\n}<\/pre>\n<p style=\"text-align: justify;\">Great! Now we will create a controller and use it to set the default view to <code>index<\/code>. Add a class file under <code>com.canchitodev.samldemo<\/code> and call it <code>IndexController.java<\/code>. 
The file should look like this:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"java\">package com.canchitodev.samldemo.controller;\r\n\r\nimport org.springframework.security.core.annotation.AuthenticationPrincipal;\r\nimport org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;\r\nimport org.springframework.stereotype.Controller;\r\nimport org.springframework.ui.Model;\r\nimport org.springframework.web.bind.annotation.RequestMapping;\r\n\r\n@Controller\r\npublic class IndexController {\r\n\r\n  @RequestMapping(\"\/\")\r\n  public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {\r\n    \/\/ null unless the identity provider sends an attribute with this name\r\n    String emailAddress = principal.getFirstAttribute(\"emailAddress\");\r\n    model.addAttribute(\"emailAddress\", emailAddress);\r\n    \/\/ Expose all attributes from the SAML assertion to the view\r\n    model.addAttribute(\"userAttributes\", principal.getAttributes());\r\n    return \"index\";\r\n  }\r\n}<\/pre>\n<p style=\"text-align: justify;\"><span style=\"font-size: 1rem;\">Since you chose Thymeleaf when creating your application, you can create a <code>src\/main\/resources\/templates\/index.html<\/code> and it will automatically be rendered after you sign in. 
Create this file and populate it with the following HTML.<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"html\">&lt;!doctype html&gt;\r\n&lt;html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\" xmlns:th=\"https:\/\/www.thymeleaf.org\" xmlns:sec=\"https:\/\/www.thymeleaf.org\/thymeleaf-extras-springsecurity5\"&gt;\r\n&lt;head&gt;\r\n  &lt;title&gt;Spring Security - SAML 2.0 Login&lt;\/title&gt;\r\n  &lt;meta charset=\"utf-8\" \/&gt;\r\n  &lt;style&gt;\r\n    span, dt {\r\n      font-weight: bold;\r\n    }\r\n  &lt;\/style&gt;\r\n&lt;\/head&gt;\r\n&lt;body&gt;\r\n  &lt;div&gt;\r\n    &lt;form th:action=\"@{\/logout}\" method=\"post\"&gt;\r\n      &lt;input type=\"submit\" value=\"Logout\" \/&gt;\r\n    &lt;\/form&gt;\r\n  &lt;\/div&gt;\r\n  &lt;h1&gt;SAML 2.0 Login with Spring Security&lt;\/h1&gt;\r\n  &lt;p&gt;You are successfully logged in as &lt;span sec:authentication=\"name\"&gt;&lt;\/span&gt;&lt;\/p&gt;\r\n&lt;\/body&gt;\r\n&lt;\/html&gt;<\/pre>\n<h2 style=\"text-align: justify;\">Time to Run the App and Login with Okta<\/h2>\n<p style=\"text-align: justify;\">Start the app using your IDE or <code>mvn spring-boot:run<\/code> and afterwards, use your favorite browser to navigate to <code>https:\/\/localhost:8443\/spring-saml<\/code>. 
It is likely that you will see a privacy error.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"505\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/browser-not-private-connection\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection.png\" data-orig-size=\"2256,1029\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Not private connection\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Not private connection&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection-1024x467.png\" class=\"aligncenter wp-image-505 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection.png\" alt=\"CANCHITO-DEV: Not private connection\" width=\"2256\" height=\"1029\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection.png 2256w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection-300x137.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection-1024x467.png 1024w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection-768x350.png 768w, 
http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection-1536x701.png 1536w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection-2048x934.png 2048w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/browser-not-private-connection-624x285.png 624w\" sizes=\"auto, (max-width: 2256px) 100vw, 2256px\" \/><\/p>\n<p style=\"text-align: justify;\">Click the <strong>ADVANCED<\/strong>\u00a0link at the bottom. Then click the <strong>Proceed to localhost (unsafe)<\/strong>\u00a0link.<\/p>\n<p style=\"text-align: justify;\">Next, you\u2019ll be redirected to Okta to sign in and redirected back to your app. If you\u2019re already logged in, you won\u2019t see anything from Okta. If you sign out from Okta, you\u2019ll see a login screen such as the one below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"520\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/okta-sign-in\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-sign-in.png\" data-orig-size=\"416,720\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Okta SSO\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Okta SSO&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-sign-in.png\" class=\"aligncenter wp-image-520 size-full\" 
src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-sign-in.png\" alt=\"CANCHITO-DEV: Okta SSO\" width=\"416\" height=\"720\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-sign-in.png 416w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/okta-sign-in-173x300.png 173w\" sizes=\"auto, (max-width: 416px) 100vw, 416px\" \/><\/p>\n<p style=\"text-align: justify;\">After you\u2019ve logged in, you should see a screen like the one below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"522\" data-permalink=\"http:\/\/www.canchito-dev.com\/public\/blog\/2020\/11\/22\/spring-security-with-saml2-and-okta\/success-sign-in\/\" data-orig-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/success-sign-in.png\" data-orig-size=\"801,260\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"CANCHITO-DEV: Successful sign in\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;CANCHITO-DEV: Successful sign in&lt;\/p&gt;\n\" data-large-file=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/success-sign-in.png\" class=\"aligncenter wp-image-522 size-full\" src=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/success-sign-in.png\" alt=\"CANCHITO-DEV: Successful sign in\" width=\"801\" height=\"260\" srcset=\"http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/success-sign-in.png 801w, 
http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/success-sign-in-300x97.png 300w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/success-sign-in-768x249.png 768w, http:\/\/www.canchito-dev.com\/public\/blog\/wp-content\/uploads\/2020\/11\/success-sign-in-624x203.png 624w\" sizes=\"auto, (max-width: 801px) 100vw, 801px\" \/><\/p>\n<h2 style=\"text-align: justify;\">Contribute Code<\/h2>\n<p style=\"text-align: justify;\">If you would like to become an active contributor to this project please follow these simple steps:<\/p>\n<ol>\n<li style=\"text-align: justify;\">Fork it<\/li>\n<li style=\"text-align: justify;\">Create your feature branch<\/li>\n<li style=\"text-align: justify;\">Commit your changes<\/li>\n<li style=\"text-align: justify;\">Push to the branch<\/li>\n<li style=\"text-align: justify;\">Create new Pull Request<\/li>\n<\/ol>\n<p style=\"text-align: justify;\">The full implementation of this article can be found in the <a href=\"https:\/\/github.com\/canchito-dev\/spring-security-with-saml2-and-okta\">GitHub<\/a> project \u2013 this is a <strong>Maven<\/strong>-based project, so it should be easy to import and run as it is.<\/p>\n<h2 style=\"text-align: justify;\">Summary<\/h2>\n<p style=\"text-align: justify;\">In this article, we showed how to create a Spring Boot application that integrates with Okta as a SAML authentication provider. We hope that, even though this was a very basic introduction, you understood how to use and configure this tool.<\/p>\n<p style=\"text-align: justify;\">Please feel free to contact us. 
We will gladly respond to any doubts or questions you might have.<\/p>\n<h2 style=\"text-align: justify;\">License<\/h2>\n<p style=\"text-align: justify;\">The MIT License (MIT)<\/p>\n<p style=\"text-align: justify;\">Copyright (c) 2020, canchito-dev<\/p>\n<p style=\"text-align: justify;\">Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \u201cSoftware\u201d), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and\/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:<\/p>\n<p style=\"text-align: justify;\">The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.<\/p>\n<p style=\"text-align: justify;\">THE SOFTWARE IS PROVIDED \u201cAS IS\u201d, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Greetings! In this post, we will be showing you how to build a Spring Boot application that uses Okta as platform for authentication via SAML (Security Assertion Markup Language). 
Ready to get started?<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[47,82,3,65,83,1],"tags":[13,80,10,77,78,67,81,79],"class_list":["post-499","post","type-post","status-publish","format-standard","hentry","category-open-source","category-saml","category-spring","category-spring-boot","category-spring-security","category-uncategorized","tag-java","tag-okta","tag-open-source","tag-saml","tag-saml2","tag-spring-boot","tag-spring-security","tag-sso"]}