Deploy to production

This guide explains how you can deploy your Okta-protected app to many different hosting providers. You can also host it yourself. This guide also explains how you can perform simple app deployments, for example to web servers, app stores, or Docker.

---

Learning outcomes

• Perform simple app deployments to many different hosting providers.
• Host the app yourself.

What you need

An app to deploy

---

Deploying a Java app

If you're developing a server-side application, you likely only need to do three things after deploying your app:

1. Configure your app (or server settings) to force HTTPS.
2. Configure your app to read your Okta settings (for example, issuer, client ID, and client secret) from environment variables or a secrets provider (like HashiCorp Vault).
3. Modify your Okta app to have sign-in and sign-out redirect URIs that match your production app.

Java applications typically build into a WAR or a JAR for production.

If you deploy your application as a WAR, it's possible you have a context path. If you do, add this path to your Sign-in redirect URI and your Sign-out redirect URI for your Okta app.

JAR-based Java apps usually don't have a context, and if you start them locally, they are available at http://localhost:8080.

Heroku

The easiest way to deploy your Java app to production with Okta is to use Heroku. We provide an Okta Heroku Add-on (opens new window) that auto-provisions an Okta org for you and adds the appropriate applications to it.

To begin, install the Heroku CLI (opens new window) and run heroku login.

You can deploy your Java application to Heroku in five steps:

1. Run heroku create.

2. Add the Git remote that's created as a remote for your project.

   git remote add heroku <heroku-repo>
   

3. Run heroku addons:create okta.

4. Create a Procfile that sets the PORT and your Okta configuration.

   web: java -Dserver.port=$PORT -Dokta.oauth2.client-id=${OKTA_OAUTH2_CLIENT_ID_WEB} -Dokta.oauth2.client-secret=${OKTA_OAUTH2_CLIENT_SECRET_WEB} -jar target/*.jar
   

5. Commit your changes and run git push heroku master.

If your branch isn't named master, run:

git push --set-upstream heroku <branch-name>

Tip: If you want to use a different version of Java, create a system.properties and add java.runtime.version=11 (or another version) to it.

You won't be able to sign in to your application until you add your Heroku app's URLs to your Sign-in redirect URIs and Sign-out redirect URIs on Okta.

For more information, see Deploy a Secure Spring Boot App to Heroku (opens new window).

Forcing HTTPS

You can enforce the use of HTTPS when your app is running on Heroku by adding the following configuration to your security configuration.

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.requiresChannel()
      .requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
      .requiresSecure();
  }
}

Docker

You can package your Java application with Docker, too. See Angular + Docker with a Big Hug from Spring Boot (opens new window) for a blog post that details how. Specifically, see the Dockerize Angular + Spring Boot with Jib (opens new window) section.