GridGain Developers Hub

Integrating Control Center with Okta OpenID Authentication Server


This tutorial walks you through the process of integrating Control Center with Okta OpenID. OpenID is an open-standard, decentralized authentication protocol. It enables users to authenticate to collaborating sites that use third-party services. Thus, it eliminates the need for webmasters to provide their own login systems and enables users to log in to multiple unrelated websites without providing a unique identifier and password for each site. GridGain Control Center supports this mechanism. Control Center can be configured to use third-party authentication servers such as Google and Okta. We chose Okta for this tutorial because Okta provides a development environment that is free and can be used for testing.

Okta Sign In

OpenID Authentication Cluster Configuration

First, create your own free development account:

  1. Navigate to https://developer.okta.com/signup/

  2. Complete the form

  3. Verify that you are not a robot

  4. Click SIGN UP

Okta Sign Up

After logging in to the developer UI portal, create an authentication server:

  1. Navigate to the Security menu

  2. Select the API tab

  3. Select Add Authorization Server

  4. Specify a name, audience, and description for the server

Okta Add Auth Server

After you create the server, you must create at least one access policy. If there is no access policy, all user login attempts fail. For this test, you can use the default policy, as shown below:

Okta Access Policy

For other parts of the configuration, you can also use the defaults. Then, navigate to the Settings tab and click the Metadata URI link to get authentication cluster metadata.

Okta Metadata URI

You will use this metadata later to configure Control Center. The following is a metadata output example:

Okta Metadata Output

Now, create the OpenID application that is used to authenticate Control Center:

  1. Navigate to the Applications menu

  2. Select the Applications tab

  3. Click Add Application

  4. Click Create New App

    Okta Create New App
  5. In the Add Application box, select Native app

  6. Make sure that the sign-on method is OpenID Connect

  7. Click Create

    Okta Create New App Integration
  8. Optional: Set the application name and application logo

  9. In the redirect URL field, enter the following line, replacing the placeholders with your Control Center host and port: http://[Control Center host]:[Control Center port]/api/v1/oauth2/login/okta

    Okta Redirect URL
  10. In the Client Credentials screen, for the Client authentication field, select Use Client Authentication

  11. Copy the Client ID and Client secret values, because they will be used for Control Center configuration

    Okta Client Data
  12. Navigate to the Directory menu

  13. Open the People tab

  14. Click Add person to create a new user

    Okta People Tab
    Okta Add Person
  15. Open your newly created application settings and edit the Assignments list to identify the people and groups who can access the Control Center UI:

    Okta Assignments List
    Okta Assignments

    You are now ready to use OpenID authentication to log in to Control Center.

Control Center Configuration

Now, configure Control Center:

  1. Download and unzip the Control Center binaries.

  2. Move to the root folder of the unzipped directory and create an application.yaml file:

    spring:
      security:
        oauth2:
          client:
            registration:
              okta:
                client-id: ****************************
                client-secret: *****************************
            provider:
              okta:
                authorization-uri: https://dev-56993928.okta.com/oauth2/ausakcamyQ0beMG3H5d6/v1/authorize
                token-uri: https://dev-56993928.okta.com/oauth2/ausakcamyQ0beMG3H5d6/v1/token
                jwk-set-uri: https://dev-56993928.okta.com/oauth2/ausakcamyQ0beMG3H5d6/v1/keys

    Find the Okta client-id and client-secret values in the settings of the Okta application that you created earlier. Find the authorization-uri, token-uri, and jwk-set-uri values in the metadata that you obtained earlier.

  3. Start Control Center by using the control-center.sh script

  4. Navigate to the Control Center UI and click the SIGN IN button:

    Okta Sign In With OpenID
  5. Verify that you are logged out of the Okta developer portal

  6. In the box that is outlined in red, click the circle to display the Okta login page:

    Okta Sign In (Bright)
  7. In the login box, type in your Okta credentials and click Sign In

Now, you are logged in to Okta:

Okta Signed In
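
Step 2 of the Control Center configuration copies three URIs out of the authorization server metadata into application.yaml. The following Python example is added here and is not part of the GridGain or Okta documentation: it maps the metadata fields to the provider properties and refuses endpoints that are not HTTPS or that sit on a different host than the issuer. It assumes the metadata uses the standard discovery field names (issuer, authorization_endpoint, token_endpoint, jwks_uri); the sample document, its host, and its server ID are constructed placeholders, and the same-host rule is a sanity check chosen for this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of authorization server metadata (standard discovery
# field names). Host and server ID are placeholders, not tutorial values.
BASE = "https://dev-000000.example.com/oauth2/EXAMPLE_ID"
SAMPLE_METADATA = json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/v1/authorize",
    "token_endpoint": BASE + "/v1/token",
    "jwks_uri": BASE + "/v1/keys",
})

# Metadata field -> provider property used in application.yaml
FIELD_MAP = {
    "authorization_endpoint": "authorization-uri",
    "token_endpoint": "token-uri",
    "jwks_uri": "jwk-set-uri",
}

def provider_settings(metadata_json):
    """Return the provider properties, rejecting endpoints that are not
    HTTPS or that live on a different host than the issuer (assumed rule)."""
    meta = json.loads(metadata_json)
    issuer = urlsplit(meta["issuer"])
    if issuer.scheme != "https" or not issuer.hostname:
        raise ValueError("issuer must be an https URL")
    settings = {}
    for field, prop in FIELD_MAP.items():
        if field not in meta:
            raise ValueError(f"metadata is missing {field}")
        url = urlsplit(meta[field])
        if url.scheme != "https":
            raise ValueError(f"{field} is not https: {meta[field]}")
        if url.hostname != issuer.hostname:
            raise ValueError(f"{field} host differs from issuer host")
        settings[prop] = meta[field]
    return settings

def render_yaml(settings, registration="okta"):
    """Render the provider section of application.yaml."""
    lines = ["spring:", "  security:", "    oauth2:", "      client:",
             "        provider:", f"          {registration}:"]
    lines += [f"            {key}: {value}" for key, value in settings.items()]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_yaml(provider_settings(SAMPLE_METADATA)))
```

The output covers only the provider section; client-id and client-secret still come from the Okta application settings and belong under registration.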