A Spring Boot example app that shows how to implement single sign-on (SSO) with Spring Security's SAML and Okta.
Please read Get Started with Spring Boot, SAML, and Okta to see how this app was created.
Prerequisites:
- SDKMAN (for Java 17)
Okta has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
To install this example application, run the following commands:
git clone https://github.com/oktadev/okta-spring-boot-saml-example.git
cd okta-spring-boot-saml-example
To begin, you'll need an Okta developer account. You can create one at developer.okta.com/signup or install the Okta CLI and run okta register
.
Then, log in to your account and go to Applications > Create App Integration. Select SAML 2.0 and click Next. Name your app something like Spring Boot SAML
and click Next.
Use the following settings:
- Single sign on URL:
http://localhost:8080/login/saml2/sso/okta
- Use this for Recipient URL and Destination URL: ✅ (the default)
- Audience URI:
http://localhost:8080/saml2/service-provider-metadata/okta
Then click Next. Select the following options:
- I'm an Okta customer adding an internal app
- This is an internal app that we have created
Select Finish.
Okta will create your app, and you will be redirected to its Sign On tab. Scroll down to the SAML Signing Certificates and go to SHA-2 > Actions > View IdP Metadata. You can right-click and copy this menu item's link or open its URL. Copy the resulting link to your clipboard. It should look something like the following:
https://dev-13337.okta.com/app/<random-characters>/sso/saml/metadata
Go to your app's Assignment tab and assign access to the Everyone group.
Sign up for an Auth0 account or log in with your existing one. Navigate to Applications > Create Application > Regular Web Applications > Create.
Select the Settings tab and change the name to Spring Boot SAML
. Add http://localhost:8080/login/saml2/sso/auth0
as an Allowed Callback URL.
Scroll to the bottom, expand Advanced Settings, and go to Endpoints. Copy the value of the SAML Metadata URL. Select Save Changes.
Clone the auth0
branch, which contains changes to look for Auth0 attributes instead of Okta attributes.
git clone -b auth0 https://github.com/oktadev/okta-spring-boot-saml-example.git
cd okta-spring-boot-saml-example
Copy your SAML Metadata URL into src/main/resources/application.yml
:
spring:
security:
saml2:
relyingparty:
registration:
auth0:
assertingparty:
metadata-uri: <your-auth0-metadata-uri>
...
Run your Spring Boot app from your IDE or using the command line:
./gradlew bootRun
Open http://localhost:8080
in your favorite browser and log in with the credentials you used to create your account.
You should see a successful result in your browser.
If you want to make the logout button work and display a user's attributes, please read the blog post.
This example uses Spring Boot and Spring Security SAML to integrate with Okta and Auth0.
Please post any questions as comments on the blog post, visit the Okta Developer Forums, or talk to us on the Auth0 Community Forums.
Apache 2.0, see LICENSE.