Versions Compared

Old Version 5

changes.mady.by.user Karl Henselin

Saved on

compared with

New Version Current

changes.mady.by.user Abhishek Jadhav

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You must also download the Okta Certificate (from within the Okta Edit SAML Settings).

Download he the SHA-2 certificate.

...

You can use the same keystore which was created as part of the HTTPS configuration, or create one using a command like this

...

Code Block
/u01/java/jdk1.8.0_281/bin/keytool -import -alias okta -file /var/tmp/okta.cert -keystore /home/oracle/flexdeploy.keystore

If you didn’t already create a private key for the purpose of https, perhaps due to using a load balancer, you will need to generate a private key with a password.

Code Block
keytool -genkey -keyalg RSA -alias tomcatserver -keystore /home/oracle/flexdeploy.keystore -validity 3650 -keysize 2048

You will need to define an application in your Okta console.

...

  • FLEXDEPLOY_HOME - Directory on the server where FlexDeploy is installed

  • KEYSTORE_PASSWORD - The Java key store password.

  • PRIVATE_KEY_PASSWORD -The private key password.

  • OKTA_METADATA_URL - The URL (from Okta) to the identity provider metadata (e.g. https://dev-484624.okta.com/app/exk4c1ilhiTs3dKRb4y5/sso/saml/metadata).

  • FLEXDEPLOY_HOST - FlexDeploy application host

  • FLEXDEPLOY_PORT - FlexDeploy application port

  • AUDIENCE_RESTRICTION - The Audience Restriction or Audience URI (SP Entity ID) found in the Okta UI.

  • PATH_TO_YOUR_KEYSTORE_FILE - The path to the keystore, including the file name and extension.

Example fdsso.config file for Okta (SAML 2.0)

Info

Change log

  • FlexDeploy 6.0.0.0 - The values for excludedPathMatcher.excludedPath, and logout.defaultUrl have changed

Code Block
callbackFilter.defaultUrl = /flexdeploy
saml2Config = org.pac4j.saml.config.SAML2Configuration
saml2Config.keystorePath = PATH_TO_YOUR_KEYSTORE_FILE
saml2Config.keystorePassword = KEYSTORE_PASSWORD
saml2Config.privateKeyPassword = PRIVATE_KEY_PASSWORD
saml2Config.identityProviderMetadataPath = OKTA_METADATA_URL
saml2Config.maximumAuthenticationLifetime = 3600
saml2Config.serviceProviderEntityId = AUDIENCE_RESTRICTION
saml2Config.serviceProviderMetadataPath = FLEXDEPLOY_HOME/apache-tomcat-flexdeploy/sso/FlexDeployMetadata.xml
saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config
clients.callbackUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/callback
clients.clients=$saml2Client
isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer
excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /next/#/login
config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher
ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
ssoFilter.clients = SAML2Client
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin
logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = truefalse
logout.defaultUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/next/#/home

Info

Configuration Tips

If the Java keystore referenced (line 23) does not exist, it will automatically be created, and key will be generated and inserted into the keystore using the passwords provided (line 3 and 4).

The Okta Identity Provider Metadata can be found from within the Sign On tab of your Okta application.