
CodyK.42482 (Customer) asked a question.
Hello All,
I am having an issue with trying to sort out a redirected issue. I can see the okta login screen and it does recognize my username. However, after I hit sign in, it loops the following sites over and over.
- https://webitg4.mutualofomaha.com/ClientInterviewVoiceList/VoiceList/login/oauth2/code/okta?code=9WW9jdbJMN9f48nxGddYD9ZuWX1r3yvr6Hs6tQtnzkA&state=IO9DBQFRAiqtU_rJAruDbB4FqdzKuCTY15nzadq4y2g%3D
- https://webitg4.mutualofomaha.com/ClientInterviewVoiceList/oauth2/authorization/okta
- https://myaccount-preview.mutualofomaha.com/oauth2/auspwnqpbqH6VDxFm1d6/v1/authorize?response_type=code&client_id=0oa2gnkougur6hyT51d7&scope=openid%20email%20profile%20ldap_civ%20AD_user_ID&state=wR2PdLS3idjf9J1M0nUg1zfRpxbgll-ZnPBxNocj2Iw%3D&redirect_uri=https://webitg4.mutualofomaha.com/ClientInterviewVoiceList/VoiceList/login/oauth2/code/okta&nonce=mCjgAx_yfce0rCwanJJHeyDsOyaPXpcpkIrGrdbM7oo
Any help would be greatly appreciated!

@CodyK.42482 (Customer) - Hi Cody,
The specific group you posted your question to is for the Workflows product. It looks like you are having sign-on issues with Okta. You would likely have better results posting this question to SSO (Single Sign-on).
Hello @CodyK.42482 (Customer) Thank you for reacting out to our Community!
You could try this article to see if it resolved this issue that you are having:
https://support.okta.com/help/s/article/Users-Experiencing-Infinite-Loop-When-Accessing-the-Okta-Dashboard?language=en_US
If this does not help, my advice would be to leverage the Okta Developer forums for this type of questions and take advantage of their expertise.
https://devforum.okta.com/
The Okta Community Catalysts Program is now live. Collect online badges when you participate in the Okta Help Center Questions community. Learn more here.
Join us in the Oktane discussion group to connect with attendees or just stay connected to the event.
it is by OIDC:
there are three step:
for the first step /authorize, after the user login, it should redirect to redirect_uri. the the redirect_uri go the code from url and send to /token with clientSecret. you can dump the network har file.
I have attached the har file.
clientVoiceListErrorLog
@CodyK.42482 (Customer)
so https://webitg4.mutualofomaha.com/ClientInterviewVoiceList/VoiceList is your service url.
when the user visit this url and if found the user not login, it redirect to:
https://webitg4.mutualofomaha.com/ClientInterviewVoiceList/oauth2/authorization/okta
and it found no user token, so it redirect to okta login portal for authorize:
https://myaccount-preview.mutualofomaha.com/oauth2/auspwnqpbqH6VDxFm1d6/v1/authorize?response_type=code&client_id=0oa2gnkougur6hyT51d7&scope=openid email profile ldap_civ AD_user_ID&state=NhacFRb_RG9Ku9bDQdBs0lBdJ7XzG3xxAYt5IKw498o=&redirect_uri=https://webitg4.mutualofomaha.com/ClientInterviewVoiceList/VoiceList/login/oauth2/code/okta&nonce=m-3x-jlglcqXvJdYqODss7c7LNsS7Pnsg9MMu33SzjY
so the redirect_uri=https://webitg4.mutualofomaha.com/ClientInterviewVoiceList/VoiceList/login/oauth2/code/okta will get the code from response and add clientSecret then send to Okta /token. but I have not find in the network.
could you provide the code how to process code and send /token and get /userinfo?
public void doFilter(ServletRequest request0, ServletResponse response0, FilterChain chain)
throws IOException, ServletException {
if (!(request0 instanceof HttpServletRequest)) {
// Not a HTTP request, pass along
chain.doFilter(request0, response0);
} else {
HttpServletRequest request = (HttpServletRequest) request0;
HttpServletResponse response = (HttpServletResponse) response0;
String currentUrl = "";
AuthUserPrincipal userPrincipal;
if (request.getRequestURL() != null) {
currentUrl = request.getRequestURL().toString();
}
if (!ignore(currentUrl) && request.getUserPrincipal() != null) {
OAuth2AuthenticationToken userData = (OAuth2AuthenticationToken) request.getUserPrincipal();
OAuth2User userInfo = userData.getPrincipal();
String username = userInfo.getAttribute(//user ID here);
userPrincipal = getUserPrincipal(username);
LdapUser user = getLdapUser(request, userPrincipal.getName());
if (user.isAbleToAccessApp()) {
request.getSession().setAttribute(IValues.SESSION_ATTRIBUTE_KEY_LDAPUSER, user);
chain.doFilter(request, response);
} else {
request.getRequestDispatcher("/jsp/noaccess.html").forward(request, response);
}
} else {
chain.doFilter(request, response);
}
}
}
private boolean ignore(String currentUrl) {
boolean ignore = false;
if (!currentUrl.matches(IGNORE_PATTERN)) {
for (String url : ignoredUrlSuffixes) {
if (currentUrl.endsWith(url)) {
ignore = true;
}
}
} else {
ignore = true;
}
return ignore;
}
private LdapUser getLdapUser(HttpServletRequest request, String userId) {
LdapUser user = null;
if (request != null && request.getSession().getAttribute(IValues.SESSION_ATTRIBUTE_KEY_LDAPUSER) != null) {
user = (LdapUser) request.getSession().getAttribute(IValues.SESSION_ATTRIBUTE_KEY_LDAPUSER);
}
if (user == null) {
user = ldapDAO.getLdapUser(userId);
if (request != null) {
request.getSession().setAttribute(IValues.SESSION_ATTRIBUTE_KEY_LDAPUSER, user);
}
}
return user;
}
private AuthUserPrincipal getUserPrincipal(String userId) {
AuthUserPrincipal retVal = null;
if (userId != null) {
retVal = new AuthUserPrincipal(userId);
}
return retVal;
}
I have been able to access in local, however it's pretty messy comparatively. I have attached the har file for it as well.
localhost_cliesntVoiceList