Okta + SAML + JBoss EAP 6.4.x + Picketlink

How to provide Okta authentication to your web app by using Okta + SAML + JBOSS EAP 6.4.x + Picketlink and JAVA as a backend.

By Ramiro Guerrero · Apr. 21, 23 · Tutorial
In this article, I explain how to provide Okta authentication to your web application hosted on a JBoss EAP 6.4.x server.

In this example, we provide authentication both to internal users (who are logged in to the customer's network) and to external users (coming from the internet), who may be third-party collaborators such as carriers, partners, etc.

Architecture Diagram

Figure: Architecture diagram, Okta integration with a JBoss EAP 6.4.x web app
Configure the Okta Account

In our case, the Okta account is managed by our customer, so we had to provide them with the setup instructions.

The most relevant configuration parameters are:

Figure: SAML Settings in Okta (Single Sign-On URL, Recipient URL)

  • Single Sign-On URL
    • This URL has to provide the logic that grants access to the application to all users who are already logged in (in this example: internal users, and external users who have already supplied valid credentials).
    • Users who are not logged in should be redirected to the Okta login page. We'll see later in this article how to leverage Picketlink to achieve this.
  • Recipient URL
    • This URL has to handle the SAML response and grant access to the landing page if authentication with Okta succeeded. Otherwise, it has to redirect the flow to the Okta login page.

In Okta these two URLs normally point at the same service-provider endpoint (Okta offers the "Use this for Recipient URL and Destination URL" checkbox), and they must match exactly, including scheme, host, port and path, the URL your web application exposes for the SAML response (the Service URL configured in picketlink.xml below); otherwise Okta posts the response to an endpoint that Picketlink does not handle.

Additionally, you may need to configure some user attributes to be included in the SAML assertion and displayed in your web application, such as first name, last name, address and email. Keep in mind that these values are supplied by the identity provider and rendered in your pages, so treat them as untrusted input and HTML-encode them on output.

You do this in the ATTRIBUTE STATEMENTS section:

Figure: Okta attribute statements

Picketlink Descriptor Setup (picketlink.xml)

Picketlink is a Java library that abstracts the SAML protocol: it lets you add SAML authentication by configuring an XML descriptor and provides Java classes for parsing the SAML attributes from the response. Integrate Picketlink into your web app before continuing.

Once the Okta account setup is ready, you need to configure the Picketlink descriptor in your web application.

Figure: Picketlink XML descriptor (picketlink.xml)

It's recommended to create two variables: one for the Identity URL and another for the Service URL. In this example, we have created the variables gct-idp.url for the IdentityURL and gct-service.url for the ServiceURL (we'll see later in this article how to configure your JBoss server so that each environment, such as UAT or PRODUCTION, gets its own IdP and service URLs).

  • The identity URL should be the one provided by your Okta account; it lets users sign in (the Okta login page). Get it from the Embed Link section of your Okta application. Note that the Embed Link starts an IdP-initiated login; if you want Picketlink to send its own SAML AuthnRequest (SP-initiated flow), use the Identity Provider Single Sign-On URL from the application's "View Setup Instructions" page instead.
  • The service URL should be the endpoint of your web application that receives the SAML response. Picketlink's service-provider valve intercepts the response posted to this URL, validates it and, if authentication succeeded, populates the session with the SAML attributes before handing the request on to your code, which then authorizes access to your resources based on those attributes.

Figure: Okta identity URL (Embed Link)

JBoss Configuration Descriptor (standalone.xml)

In your JBoss configuration descriptor, you need to set up the same variables defined on picketlink.xml. In this case: gct-idp.url and gct-service.url. This allows you to set up different environments for development, testing, and production.
Figure: JBoss EAP standalone.xml descriptor
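Putting the two descriptors together, here is what a complete picketlink.xml and the matching standalone.xml fragment look like. This is an added example written for this article, not the author's own files: the property names gct-idp.url and gct-service.url come from the article, while the keystore properties, key aliases and URL values are assumptions. The signature-related parts are the security-relevant additions: without SupportsSignatures="true" and the SAML2SignatureValidationHandler, Picketlink does not verify the XML signature on the SAMLResponse, so anyone could post a hand-crafted assertion to the Service URL and log in as any user.

```xml
<!-- WEB-INF/picketlink.xml (added example, not the article's own descriptor) -->
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">

    <!-- SupportsSignatures="true" makes the signature handlers below run, so the
         response Okta posts to the ServiceURL is rejected unless it is signed by
         the IdP certificate in the keystore. -->
    <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
                  ServerEnvironment="jboss"
                  BindingType="POST"
                  SupportsSignatures="true">

        <!-- Both URLs are resolved from JBoss system properties (see standalone.xml
             below), so the same WAR can be deployed to UAT and PRODUCTION. -->
        <IdentityURL>${gct-idp.url}</IdentityURL>
        <ServiceURL>${gct-service.url}</ServiceURL>

        <!-- Keystore holding the SP signing key and the Okta signing certificate.
             Property names and aliases are assumptions. The ValidatingAlias maps the
             host part of the IdP Issuer (Okta issuers look like
             http://www.okta.com/exk...) to the keystore alias of its certificate. -->
        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
            <Auth Key="KeyStoreURL" Value="${gct-keystore.url}"/>
            <Auth Key="KeyStorePass" Value="${gct-keystore.pass}"/>
            <Auth Key="SigningKeyAlias" Value="sp"/>
            <Auth Key="SigningKeyPass" Value="${gct-keystore.pass}"/>
            <ValidatingAlias Key="www.okta.com" Value="okta-idp"/>
        </KeyProvider>
    </PicketLinkSP>

    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
        <!-- Parses the assertion and stores its attribute statements in the HTTP
             session under SESSION_ATTRIBUTE_MAP (used by the application code). -->
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler"/>
        <!-- Signs outgoing AuthnRequests and verifies incoming responses. -->
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler"/>
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/>
    </Handlers>
</PicketLink>

<!-- standalone.xml fragment: the same property names, with per-environment values.
     The URLs and keystore location are placeholders; the keystore password should
     be supplied through a vault or environment-specific override, not committed. -->
<system-properties>
    <property name="gct-idp.url" value="https://yourcompany.okta.com/home/yourapp/exkXXXXXXXX/XXXXXX"/>
    <property name="gct-service.url" value="https://uat.yourcompany.example/yourapp/"/>
    <property name="gct-keystore.url" value="${jboss.server.config.dir}/sp-keystore.jks"/>
    <property name="gct-keystore.pass" value="change-me"/>
</system-properties>
```

After changing standalone.xml, restart the server (or reload it through jboss-cli) so the properties are visible to Picketlink when the WAR starts; the gct-service.url value has to be the same string you entered as Single Sign-On URL / Recipient URL in Okta.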

SAML Response Attributes

Picketlink parses the assertion's attribute statements for you. After a successful login, the HTTP session holds the attribute SESSION_ATTRIBUTE_MAP (the constant GeneralConstants.SESSION_ATTRIBUTE_MAP) containing all the SAML attributes of the authenticated user, keyed by attribute name.

Your Java class behind the Service URL has to retrieve this session attribute and read the values from it.

Figure: Web application authentication code on JBoss
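As an added example (not the article's code), here is a servlet behind the Service URL that reads the map Picketlink stored in the session. The attribute names firstName, lastName and email and the /landing path are assumptions; the names have to match the ATTRIBUTE STATEMENTS you configured in Okta. The values are HTML-encoded before being written, because they originate at the identity provider rather than in your application.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.picketlink.identity.federation.core.constants.GeneralConstants;

/**
 * Landing page behind the Picketlink ServiceURL (added example, not the article's code).
 * By the time a request reaches this servlet, Picketlink's SP valve has validated the
 * SAMLResponse and stored the assertion's attribute statements in the HTTP session
 * under GeneralConstants.SESSION_ATTRIBUTE_MAP as a Map<String, List<Object>>.
 */
@WebServlet("/landing") // path is an assumption
public class LandingServlet extends HttpServlet {

    // Must match the attribute names configured in Okta's ATTRIBUTE STATEMENTS;
    // these three names are assumptions for the example.
    private static final String ATTR_FIRST_NAME = "firstName";
    private static final String ATTR_LAST_NAME = "lastName";
    private static final String ATTR_EMAIL = "email";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Map<String, List<Object>> attrs = samlAttributes(req.getSession(false));
        if (attrs == null) {
            // No validated assertion in this session. Picketlink normally redirects
            // unauthenticated requests to the IdentityURL itself, so getting here means
            // the valve is not protecting this path: fail closed instead of rendering.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Picketlink sets the assertion's NameID as the authenticated principal.
        String subject = req.getRemoteUser();
        String firstName = firstValue(attrs, ATTR_FIRST_NAME);
        String lastName = firstValue(attrs, ATTR_LAST_NAME);
        String email = firstValue(attrs, ATTR_EMAIL);

        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<p>Welcome, " + escapeHtml(firstName) + " " + escapeHtml(lastName)
                + " (" + escapeHtml(email) + ", subject " + escapeHtml(subject) + ")</p>");
    }

    /** Returns Picketlink's attribute map for this session, or null when there is none. */
    @SuppressWarnings("unchecked")
    static Map<String, List<Object>> samlAttributes(HttpSession session) {
        if (session == null) {
            return null;
        }
        Object map = session.getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
        return map instanceof Map ? (Map<String, List<Object>>) map : null;
    }

    /** A SAML attribute may carry several values; Okta's profile attributes carry one. */
    static String firstValue(Map<String, List<Object>> attrs, String name) {
        List<Object> values = attrs.get(name);
        if (values == null || values.isEmpty() || values.get(0) == null) {
            return "";
        }
        return String.valueOf(values.get(0));
    }

    /** Attribute values come from the IdP and end up in HTML, so encode them. */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

Any authorization decision (which landing page, which resources) should be made from this validated map or from the container roles Picketlink derives, never from request parameters the browser can alter.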
