Proxy configuration not working on Spring Boot 2.2x, Spring Security 5.2.x, Okta-spring-boot-starter 1.3.x #203
Comments
related issue/thread on Spring Security
@car51901 Thanks for the question! Spring Security's built-in Spring Security team has published a well detailed reference of how to customize Let me know if you're looking for anything in particular for your use-case.
Related Issue: spring-projects/spring-security#9101
Well, but it doesn't. I have a POC Spring Boot app I could zip and give you that fails to honor the proxy config. It could also be the Okta userService class that extends DefaultOAuth2UserService. I could also have something set up wrong. Let me review/read through the comments on the #8882 issue, and see if I can get that to work first.
@car51901 sure, keep us posted!
closed by mistake, reopened
@car51901 I did analyze this and was able to reproduce this issue. Will create an internal ticket to add a workaround in our SDK to support Proxy. Meanwhile, out of curiosity, any luck with the recommendations at spring-projects/spring-security#8882 (comment)?
No and yes. Added the security config from #8882, but the request is failing with "Invalid CSRF token found for http://127.0.0.1:8080/api/...." even though I disabled it in the configure method, e.g.
However, I did get authentication to work using the Okta libs. I've been running the app via the Spring Boot Maven plugin, run goal, and figured out that the Maven Boot plugin is forking a new JVM and the system properties are not getting passed (though it seemed to work before). It works when I set the system props in the plugin config:
@car51901 do you have any follow-up questions for us on this? If not, can we close this?
I am configuring a REST app as a resource server. I have integration with Okta working for a POC REST app, using Spring Boot 2.0.5 (with Spring Security 5.0.8), okta-spring-boot-starter 0.6.0, and spring-security-oauth2-autoconfigure 2.0.5. That's what your example article is using, and I can get an access token from my Okta developer auth service, and authenticate to the REST app with it, and everything works great.
I'm on a corp network, so I have to configure the https proxy host and port for the JVM, e.g. https.proxyHost, https.proxyPort. Without setting those, I get connection failures hitting the Okta auth service.
I've copied the app, upgraded to Spring Boot 2.2.x (with Spring Security 5.2.2) and okta-spring-boot-starter 1.3.0, and get a connection timeout trying to hit the openid config, e.g. https://dev-nnnnnn.okta.com/oauth2/default/.well-known/openid-configuration. The JVM proxy system properties seem to be ignored with these versions of the dependencies, as I set them and still get a connection failure.
This appears to be a known issue with Spring Security, see issue link. The suggestion from one of the Spring Security authors seems like a lot of manual config, and frankly the implementation isn't clear. It appears that Spring Security, and the Okta extensions, create a default RestTemplate, and it does not seem possible to easily override it with a template that is configured to use a proxy.
I would hope that the Okta security classes could just check for the JVM proxy system properties, and configure the RestTemplate to use a proxy, if needed.
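The behaviour requested in the issue body above (read the JVM proxy system properties and hand Spring Security a RestTemplate that uses them), sketched as an added example; it is not code from this thread, the Okta SDK or Spring Security. Assumptions: the class name, the `issuer.example` issuer and its `/v1/keys` JWKS path are placeholders (take the real `jwks_uri` from the issuer's openid-configuration document), and the application is able to supply its own `JwtDecoder` bean in place of the auto-configured one.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.client.RestTemplate;

@Configuration
public class ProxyAwareJwtDecoderConfig { // hypothetical class name

    // Placeholders (assumptions): substitute your own issuer and its JWKS endpoint.
    private static final String ISSUER = "https://issuer.example/oauth2/default";
    private static final String JWK_SET_URI = ISSUER + "/v1/keys";

    /** Builds a Proxy from https.proxyHost / https.proxyPort, or NO_PROXY if the host is unset. */
    static Proxy proxyFromSystemProperties() {
        String host = System.getProperty("https.proxyHost");
        if (host == null || host.trim().isEmpty()) {
            return Proxy.NO_PROXY;
        }
        String portText = System.getProperty("https.proxyPort", "443");
        int port;
        try {
            port = Integer.parseInt(portText.trim());
        } catch (NumberFormatException e) {
            // Fail at startup instead of timing out later against the wrong endpoint.
            throw new IllegalStateException("https.proxyPort is not a number: " + portText, e);
        }
        if (port < 1 || port > 65535) {
            throw new IllegalStateException("https.proxyPort out of range: " + port);
        }
        return new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host.trim(), port));
    }

    @Bean
    JwtDecoder jwtDecoder() {
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setProxy(proxyFromSystemProperties());
        factory.setConnectTimeout(5_000);
        factory.setReadTimeout(5_000);
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
                .restOperations(new RestTemplate(factory)) // JWKS fetches go through the proxy
                .build();
        // A decoder built from a JWKS URI checks timestamps only; add issuer validation back.
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(ISSUER));
        return decoder;
    }
}
```

Because this bean is application-defined, it carries only the validators set on it here (timestamps and issuer); any further claim checks, such as audience, have to be added to the validator explicitly.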