Issue
I am working on a POC to integrate Okta SSO with Spring MVC with custom login and index JSP pages. I have configured the Okta account and configured the Sign-in redirect URIs and Sign-out redirect URIs.
I am referring to: https://github.com/okta/samples-java-spring/tree/master/custom-login
Sign-in redirect URIs: http://localhost:8080/authorization-code/callback. Below is my application YAML file content:
    port: 8080
    spring:
      security:
        oauth2:
          client:
            provider:
              okta:
                authorization-uri: http://localhost:8080/custom-login
                user-name-attribute: email
    okta:
      oauth2:
        redirect-uri: https://dev-14057786.okta.com/oauth2/default
        client-id: <client ID>
        client-secret: <client-secret>
        issuer: https://dev-14057786.okta.com/oauth2/default
        scopes:
          - openid
          - email
          - profile
I am able to get the Okta login page; once I click on login, I am getting the below error:
java.lang.IllegalStateException: The port must be an integer: 8080https:
at org.springframework.web.util.HierarchicalUriComponents.getPort(HierarchicalUriComponents.java:200) ~[spring-web-5.3.22.jar:5.3.22]
at org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter.matchesAuthorizationResponse(OAuth2AuthorizationCodeGrantFilter.java:196) ~[spring-security-oauth2-client-5.7.3.jar:5.7.3]
at org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter.doFilterInternal(OAuth2AuthorizationCodeGrantFilter.java:164) ~[spring-security-oauth2-client-5.7.3.jar:5.7.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) ~[spring-security-web-5.7.3.jar:5.7.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) ~[spring-security-web-5.7.3.jar:5.7.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.7.3.jar:5.7.3]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3]
at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:58) ~[spring-security-web-5.7.3.jar:5.7.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22]
Appreciate any help on this.
Solution
You need to correct the redirect-uri in the application.yml file.

    okta:
      oauth2:
        redirect-uri: https://dev-14057786.okta.com/oauth2/default

You've mentioned the endpoint of the issuer, a.k.a. the auth server, which is incorrect. It needs to be the client app endpoint. For this specific application, you just need to set the redirect-uri as follows:
    okta:
      oauth2:
        redirect-uri: /authorization-code/callback
Answered By - harry
Answer Checked By - Marilyn (JavaFixing Volunteer)
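
The following is an added example, not part of the original answer and not Okta or Spring code: a start-up check that rejects a redirect-uri that points at the issuer or at any host other than the application itself. The class and method names are hypothetical, and the last lines rest on an assumption inferred from the error text (that the configured value was appended to the app's base URL).

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical pre-flight check for the okta.oauth2.redirect-uri setting. */
public class RedirectUriCheck {

    /** Returns the problems found with a redirect-uri value; an empty list means it looks sane. */
    static List<String> check(String redirectUri, String issuer, String appBaseUrl) {
        List<String> problems = new ArrayList<>();
        if (redirectUri.startsWith("/")) {
            return problems; // relative path: served by the client app itself
        }
        URI redirect = URI.create(redirectUri);
        URI iss = URI.create(issuer);
        URI app = URI.create(appBaseUrl);
        if (redirect.getHost() == null) {
            problems.add("neither a relative path nor an absolute URL: " + redirectUri);
            return problems;
        }
        if (redirect.getHost().equalsIgnoreCase(iss.getHost())) {
            problems.add("redirect-uri points at the issuer (authorization server), not the client app");
        }
        if (!redirect.getHost().equalsIgnoreCase(app.getHost()) || redirect.getPort() != app.getPort()) {
            problems.add("redirect-uri is not served by this application: " + redirect.getAuthority());
        }
        return problems;
    }

    public static void main(String[] args) {
        String issuer = "https://dev-14057786.okta.com/oauth2/default"; // from the question
        String app = "http://localhost:8080";                           // from the question

        // Value from the question: flagged as issuer endpoint and as foreign host.
        System.out.println(check("https://dev-14057786.okta.com/oauth2/default", issuer, app));
        // Value from the answer: no problems reported.
        System.out.println(check("/authorization-code/callback", issuer, app));

        // Assumption: appending the absolute URL to the base URL gives an authority of
        // "localhost:8080https:", whose port part matches the text in the stack trace.
        String joined = app + "https://dev-14057786.okta.com/oauth2/default";
        System.out.println(joined.substring("http://".length(), joined.indexOf("//", 8)));
    }
}
```

The callback path that passes this check still has to match a Sign-in redirect URI registered for the application in Okta, as in the question's http://localhost:8080/authorization-code/callback.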