OKTA OpenID using buji-pac4j


Adrian Campanaro

Jul 29, 2021, 2:20:05 AM
to Pac4j users mailing list

Hi
I am using buji-pac4j and in shiro.ini want to configure it for OKTA using something like:

okta.oauth2.issuer=https://dev-XXXXX.okta.com/oauth2/default
okta.oauth2.client-id=
okta.oauth2.client-secret=
okta.oauth2.redirect-uri=/authorization-code/callback

Is this the correct way?

Regards
Adrian

Jérôme LELEU

Aug 2, 2021, 4:07:33 AM
to Adrian Campanaro, Pac4j users mailing list
Hi,

It depends on what protocol you want to use: OpenID Connect, OAuth or SAML.


Thanks.
Best regards,
Jérôme



Adrian Campanaro

Aug 2, 2021, 4:21:27 AM
to Pac4j users mailing list
Thanks Jérôme
I am using OpenId.

I am trying to figure out how to populate

oidcConfig = org.pac4j.oidc.config.OidcConfiguration
oidcConfig.clientId = 167480702619-8e1lo80dnu8bpk3k0lvvj27noin97vu9.apps.googleusercontent.com
oidcConfig.secret =MhMme_Ik6IH2JMnAT6MFIfee
oidcConfig.useNonce = true

Regards
Adrian

Jérôme LELEU

Aug 2, 2021, 4:26:40 AM
to Adrian Campanaro, Pac4j users mailing list
Hi,

Generally, you need to define the clientId and the secret. But also the discoveryUrl.
This is certainly what is missing here.
Thanks.
Best regards,
Jérôme


On Mon, Aug 2, 2021 at 10:21, 'Adrian Campanaro' via Pac4j users mailing list <pac4j...@googlegroups.com> wrote:
Thanks Jérôme
I am using OpenId.

I am trying to figure out how to populate

oidcConfig = org.pac4j.oidc.config.OidcConfiguration
oidcConfig.clientId = 167480702619-8e1lo80dnu8bpk3k0lvvj27noin97vu9.apps.googleusercontent.com
oidcConfig.secret =xxx
oidcConfig.useNonce = true

Adrian

Aug 2, 2021, 11:09:26 AM
to Pac4j users mailing list
Hi Jérôme
Sorry about the secrets.

I had the following in Shiro
oidcConfig = org.pac4j.oidc.config.OidcConfiguration
oidcConfig.clientId = CLIENT_ID
oidcConfig.secret = CLIENT_SECRET
oidcConfig.discoveryURI = https://DOMAIN/oauth2/default/.well-known/openid-configuration

oktaClient = org.pac4j.oidc.client.OidcClient
oktaClient.configuration = $oidcConfig
oktaClient.authorizationGenerator = $roleAdminAuthGenerator

clients.callbackUrl = http://localhost:8080/callback
clients.clients = $oktaClient

oidcSecurityFilter = io.buji.pac4j.filter.SecurityFilter
oidcSecurityFilter.config = $config
oidcSecurityFilter.clients = oktaClient

/oidc/** = oidcSecurityFilter

and keep getting:

unauthorized
Home
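
The thread moves from an Okta issuer setting to a pac4j discoveryURI; the following added example (not part of the thread and not pac4j code) derives the discovery URI from an issuer and checks that a discovery document is consistent with it. The host idp.example.com and the sample metadata are constructed, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery 1.0 marks as REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def discovery_uri_for(issuer):
    """Build the discovery URI from an issuer such as okta.oauth2.issuer."""
    return issuer.rstrip("/") + WELL_KNOWN

def check_discovery(discovery_uri, metadata):
    """Return a list of problems; an empty list means the document is consistent."""
    problems = []
    if urlsplit(discovery_uri).scheme != "https":
        problems.append("discovery URI is not https")
    problems += ["missing required field: " + k for k in REQUIRED if k not in metadata]
    if not discovery_uri.endswith(WELL_KNOWN):
        problems.append("discovery URI does not end with " + WELL_KNOWN)
    elif "issuer" in metadata:
        # The issuer in the document must equal the URI minus the well-known suffix.
        expected = discovery_uri[:-len(WELL_KNOWN)]
        if metadata["issuer"] != expected:
            problems.append("issuer mismatch: document says %r, URI implies %r"
                            % (metadata["issuer"], expected))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = metadata.get(key)
        if value and urlsplit(value).scheme != "https":
            problems.append(key + " is not https")
    return problems

# Constructed sample metadata for a hypothetical issuer (not a real tenant).
ISSUER = "https://idp.example.com/oauth2/default"
SAMPLE = json.loads("""{
  "issuer": "https://idp.example.com/oauth2/default",
  "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
  "jwks_uri": "https://idp.example.com/oauth2/default/v1/keys",
  "response_types_supported": ["code"],
  "subject_types_supported": ["public"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

if __name__ == "__main__":
    uri = discovery_uri_for(ISSUER)
    print(uri, check_discovery(uri, SAMPLE))
    # Same document served from a URI built on the wrong base: reported as a mismatch.
    print(check_discovery("https://idp.example.com" + WELL_KNOWN, SAMPLE))
```

To check a real tenant, save its discovery document to a file, load it with json.load, and pass it with the value configured as oidcConfig.discoveryURI.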

Jérôme LELEU

Aug 4, 2021, 5:05:20 AM
to Adrian, Pac4j users mailing list
Hi,

This looks good. Can you turn on DEBUG logs on org.pac4j ?
Thanks.
Best regards,
Jérôme


Message has been deleted

Jérôme LELEU

Aug 9, 2021, 4:33:13 AM
to Adrian, Pac4j users mailing list
Hi,

It depends on your logging framework. For the demo, it's in this file: https://github.com/pac4j/buji-pac4j-demo/blob/master/src/main/resources/logback.xml
Thanks.
Best regards,
Jérôme


On Mon, Aug 9, 2021 at 10:31, Adrian <acampa...@gmail.com> wrote:
Hi Jérôme
How do I turn on debugging?

Regards
Adrian