Integrating PicketLink with OKTA for SAML based SSO

August 17, 2017

Security

JBoss Application Server ships with PicketLink module for enabling SAML based SSO. PicketLink is an open source module and it is SAML v2.0 complained, for more information about 'PicketLink' please visit picketlink.org.

Now the requirement is to enable SAML based SSO in JBoss Application Server where IDP is OKTA.

Before we start enabling this, one should have an OKTA organization, a free developer organization can be created here.

If you already have an OKTA organization, you need to set up a SAML application by following the steps below.

Login into your OKTA organization and click on “Admin”.
Click on Applications.
Add a new application.
Create a new application.
Keep the Platform as the web and select sign method as SAML 2.0 and click on create.
Give your application a name and click on next.
In this section, you need to do your SAML configuration.
Note: Here we are not using any advanced setting, if you want your assertion to be signed and encrypted you can check in the advanced settings.
Once done, click on finish. For more information, you can refer to OKTA documentation.
Coming to the part of the PicketLink configuration, you have to be aware of your SP and IDP URL, you can find your IDP url from OKTA by following the steps below.
- Navigating into application into your newly created application.
- Navigate to “Sign On” tab and click “View Setup Instruction” and you will find “Identity Provider Single Sign-On URL”.
In the JBoss application server end, you can try with this application, here you just need to change the IDP url in picketlink.xml and use OKTA URL which you received in the previous step, you also need to change the SP url (https://localhost:8443/picketlink-enc/). Make sure that context-root is set as "picketlink-enc" in jboss-web.xml .
To login into the application, you need to assign users in OKTA for the application you have created.
Now you can get access to your application (https://localhost:8443/picketlink-enc/) authenticating via OKTA.

Click here and quickly get started with the JBoss EAP download.

Last updated: March 23, 2023

Report a website issue

Linux

Java runtimes & frameworks

Kubernetes

Integration & App Connectivity

Automation

Developer tools

Developer Sandbox for Red Hat OpenShift

Programming Languages & Frameworks

System Design & Architecture

Developer Productivity

Secure Development & Architectures

Platform Engineering

Automated Data Processing

Start exploring in the Developer Sandbox for free

Interactive Lessons and Learning Paths

Developer Sandbox Activities

E-Books

Tutorials

Cheat Sheets

API Catalog

Red Hat Learning

Tech Talks

Deep Dives

Red Hat Summit 2024

Integrating PicketLink with OKTA for SAML based SSO

C# 12: Collection expressions and primary constructors

Red Hat Trusted Software Supply Chain is now available

Synchronize instance tags from Amazon EC2 and Microsoft Azure with Red Hat Insights

Containerize Node.js applications at the edge on RHEL and Fedora

How to monitor OpenShift using the Datadog Operator

Products

Build

Quicklinks

Communicate

RED HAT DEVELOPER

Red Hat legal and privacy links

Red Hat legal and privacy links

Report a website issue