okta-cli doesn't work behind corporate proxy

Open szantopeter opened this issue 2 years ago • 7 comments

I am running okta-cli behind a corporate proxy and it fails

okta --verbose register

2023-01-30T12:41:39.302+0100 FINE com.okta.sdk.impl.config.OptionalPropertiesSource getProperties - Unable to obtain properties from optional properties source com.okta.sdk.impl.config.ResourcePropertiesSource@a0b5266▼
2023-01-30T12:41:39.304+0100 FINE com.okta.sdk.impl.config.OptionalPropertiesSource getProperties - Unable to obtain properties from optional properties source com.okta.sdk.impl.config.YAMLPropertiesSource@26c5eaf6▼
First name: test
Last name: test
Email address: [email protected]
Country: test
Creating new Okta Organization, this may take a minute:
/2023-01-30T12:41:51.763+0100 FINE org.apache.http.client.protocol.RequestAddCookies process - CookieSpec selected: default▼
2023-01-30T12:41:51.763+0100 FINE org.apache.http.client.protocol.RequestAuthCache process - Auth cache not set in the context▼
2023-01-30T12:41:51.764+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager requestConnection - Connection request: [route: {s}->https://okta-devok12.okta.com:443][total available: 0; route allocated: 0 of 2; total allocated: 0 of 20]▼
2023-01-30T12:41:51.765+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager leaseConnection - Connection leased: [id: 0][route: {s}->https://okta-devok12.okta.com:443][total available: 0; route allocated: 1 of 2; total allocated: 1 of 20]▼
2023-01-30T12:41:51.765+0100 FINE org.apache.http.impl.execchain.MainClientExec execute - Opening connection {s}->https://okta-devok12.okta.com:443▼
2023-01-30T12:41:51.797+0100 FINE org.apache.http.impl.conn.DefaultHttpClientConnectionOperator connect - Connecting to okta-devok12.okta.com/75.2.37.199:443▼
2023-01-30T12:41:51.797+0100 FINE org.apache.http.conn.ssl.SSLConnectionSocketFactory connectSocket - Connecting socket to okta-devok12.okta.com/75.2.37.199:443 with timeout 0▼
\2023-01-30T12:42:12.825+0100 FINE org.apache.http.impl.conn.DefaultHttpClientConnectionOperator connect - Connect to okta-devok12.okta.com/75.2.37.199:443 timed out. Connection will be retried using another IP address▼
2023-01-30T12:42:12.825+0100 FINE org.apache.http.impl.conn.DefaultHttpClientConnectionOperator connect - Connecting to okta-devok12.okta.com/99.83.233.105:443▼
2023-01-30T12:42:12.826+0100 FINE org.apache.http.conn.ssl.SSLConnectionSocketFactory connectSocket - Connecting socket to okta-devok12.okta.com/99.83.233.105:443 with timeout 0▼
|2023-01-30T12:42:33.870+0100 FINE org.apache.http.impl.conn.LoggingManagedHttpClientConnection shutdown - http-outgoing-0: Shutdown connection▼
2023-01-30T12:42:33.870+0100 FINE org.apache.http.impl.execchain.ConnectionHolder abortConnection - Connection discarded▼
2023-01-30T12:42:33.871+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager releaseConnection - Connection released: [id: 0][route: {s}->https://okta-devok12.okta.com:443][total available: 0; route allocated: 0 of 2; total allocated: 0 of 20]▼
2023-01-30T12:42:33.871+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager shutdown - Connection manager is shutting down▼
2023-01-30T12:42:33.871+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager shutdown - Connection manager shut down▼

org.apache.http.conn.HttpHostConnectException: Connect to okta-devok12.okta.com:443 [okta-devok12.okta.com/75.2.37.199, okta-devok12.okta.com/99.83.233.105] failed: Connection timed out: connect
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:156)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
        at com.okta.cli.common.service.DefaultStartRestClient.post(DefaultStartRestClient.java:124)
        at com.okta.cli.common.service.DefaultStartRestClient.post(DefaultStartRestClient.java:111)
        at com.okta.cli.common.service.DefaultOktaOrganizationCreator.createNewOrg(DefaultOktaOrganizationCreator.java:33)
        at com.okta.cli.common.service.DefaultSetupService.createOktaOrg(DefaultSetupService.java:118)
        at com.okta.cli.commands.Register.runCommand(Register.java:86)
        at com.okta.cli.commands.BaseCommand.call(BaseCommand.java:41)
        at com.okta.cli.commands.BaseCommand.call(BaseCommand.java:26)
        at picocli.CommandLine.executeUserObject(CommandLine.java:1953)
        at picocli.CommandLine.access$1300(CommandLine.java:145)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
        at picocli.CommandLine.execute(CommandLine.java:2078)
        at com.okta.cli.OktaCli.run(OktaCli.java:68)
        at com.okta.cli.OktaCli.main(OktaCli.java:58)
Caused by: java.net.ConnectException: Connection timed out: connect
        at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_ARRAY_ConnectException_constructor_026ed3e065cc052585fca43de83265b2d1381f28(JNIJavaCallWrappers.java:0)
        at com.oracle.svm.jni.functions.JNIFunctions$NewObjectWithObjectArrayArgFunctionPointer.invoke(JNIFunctions.java)
        at com.oracle.svm.jni.functions.JNIFunctions.ThrowNew(JNIFunctions.java:900)
        at java.net.PlainSocketImpl.connect0(PlainSocketImpl.java)
        at java.net.PlainSocketImpl.socketConnect(PlainSocketImpl.java:101)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:237)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:609)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:368)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

I have the http_proxy and https_proxy variables set.

szantopeter, Jan 30 '23 11:01

Try setting the properties:

-Dokta.client.proxy.host=<your proxy host>
-Dokta.client.proxy.port=<your proxy port>

If you need auth, you can set ...username and ...password too. You can also add these values to ~/.okta/okta.yaml.

bdemers, Jan 30 '23 15:01
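The suggestion above to put the proxy values in ~/.okta/okta.yaml, as an added example (not code from this thread or from the okta-cli project): a shell function that turns the URL already held in https_proxy into that YAML block. The nesting under okta: client: proxy: is assumed from the dotted property names, the function name and sample URL are constructed, and which commands actually honor these values is covered in the replies that follow.

```shell
#!/bin/sh
# Added example. Assumption: okta.yaml nests the okta.client.proxy.*
# properties as okta: -> client: -> proxy: (mirrors the dotted names).

# proxy_url_to_okta_yaml URL
#   Prints the YAML block on stdout. Returns 1 if the URL has no host or
#   no numeric port (an explicit port is required). Percent-encoded
#   characters in the user/password part are NOT decoded.
proxy_url_to_okta_yaml() {
    rest=${1#*://}          # drop the scheme, if present
    rest=${rest%%/*}        # drop any path after host:port
    userinfo=
    case $rest in
        *@*) userinfo=${rest%@*}; hostport=${rest##*@} ;;  # split on last '@'
        *)   hostport=$rest ;;
    esac
    case $hostport in
        *:*) host=${hostport%:*}; port=${hostport##*:} ;;
        *)   host=$hostport; port= ;;
    esac
    [ -n "$host" ] || return 1
    case $port in
        ''|*[!0-9]*) return 1 ;;    # missing or non-numeric port
    esac
    printf 'okta:\n  client:\n    proxy:\n'
    printf '      host: "%s"\n      port: %s\n' "$host" "$port"
    if [ -n "$userinfo" ]; then
        user=${userinfo%%:*}
        pass=
        case $userinfo in
            *:*) pass=${userinfo#*:} ;;
        esac
        printf '      username: "%s"\n      password: "%s"\n' "$user" "$pass"
    fi
}

# Constructed sample input; in practice pass "$https_proxy".
proxy_url_to_okta_yaml 'http://proxy.example.internal:8080'
```

Merge the output into ~/.okta/okta.yaml by hand rather than overwriting the file, and keep it readable only by your user (chmod 600) if the block includes a proxy password.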

It doesn't seem to work. I got this:

okta -Dokta.client.proxy.host=<<my proxy>> -Dokta.client.proxy.port=8080 register
Unmatched arguments from index 1: '.client.proxy.host=<<my proxy>>', '.client.proxy.port=8080'
Did you mean: generate-completion or start or register?

szantopeter, Jan 31 '23 10:01

Sorry @szantopeter, it looks like the okta.client.proxy.* properties are not used on all the commands/endpoints (specifically, they are not used for start and register).

You should be able to register manually at https://developer.okta.com/signup, and then run okta login (which will prompt you for connection info). After that, you can run the okta apps command (but not start).

bdemers, Jan 31 '23 16:01

Implementation note: Ensure proxy config is used for all endpoints. Currently new account signup (register) and downloading the list of samples (start) do not use the proxy info.

bdemers, Jan 31 '23 16:01

The command

okta apps 

doesn't work either, because it would also require the proxy. I was able to register myself and register my apps through the web UI so there is a workaround, but if there is a CLI then it would be nice to use it.

szantopeter, Jan 31 '23 17:01

Any follow-up on this? Running into the same problem when working behind a proxy and creating an app: okta apps create

cvchavez2, Mar 01 '23 19:03

Same issue here... any solutions to this issue?

sseekamp0, Mar 01 '23 19:03