Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

okta-cli doesn't work behind corporate proxy #406

Open
szantopeter opened this issue Jan 30, 2023 · 7 comments
Open

okta-cli doesn't work behind corporate proxy #406

szantopeter opened this issue Jan 30, 2023 · 7 comments
Labels
bug Something isn't working

Comments

@szantopeter
Copy link

szantopeter commented Jan 30, 2023

I am running okta-cli behind a corporate proxy and it fails

okta --verbose register

2023-01-30T12:41:39.302+0100 FINE com.okta.sdk.impl.config.OptionalPropertiesSource getProperties - Unable to obtain properties from optional properties source com.okta.sdk.impl.config.ResourcePropertiesSource@a0b5266▼
2023-01-30T12:41:39.304+0100 FINE com.okta.sdk.impl.config.OptionalPropertiesSource getProperties - Unable to obtain properties from optional properties source com.okta.sdk.impl.config.YAMLPropertiesSource@26c5eaf6▼
First name: test
Last name: test
Email address: [email protected]
Country: test
Creating new Okta Organization, this may take a minute:
/2023-01-30T12:41:51.763+0100 FINE org.apache.http.client.protocol.RequestAddCookies process - CookieSpec selected: default▼
2023-01-30T12:41:51.763+0100 FINE org.apache.http.client.protocol.RequestAuthCache process - Auth cache not set in the context▼
2023-01-30T12:41:51.764+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager requestConnection - Connection request: [route: {s}->https://okta-devok12.okta.com:443][total available: 0; route allocated: 0 of 2; total allocated: 0 of 20]▼
2023-01-30T12:41:51.765+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager leaseConnection - Connection leased: [id: 0][route: {s}->https://okta-devok12.okta.com:443][total available: 0; route allocated: 1 of 2; total allocated: 1 of 20]▼
2023-01-30T12:41:51.765+0100 FINE org.apache.http.impl.execchain.MainClientExec execute - Opening connection {s}->https://okta-devok12.okta.com:443▼
2023-01-30T12:41:51.797+0100 FINE org.apache.http.impl.conn.DefaultHttpClientConnectionOperator connect - Connecting to okta-devok12.okta.com/75.2.37.199:443▼
2023-01-30T12:41:51.797+0100 FINE org.apache.http.conn.ssl.SSLConnectionSocketFactory connectSocket - Connecting socket to okta-devok12.okta.com/75.2.37.199:443 with timeout 0▼
\2023-01-30T12:42:12.825+0100 FINE org.apache.http.impl.conn.DefaultHttpClientConnectionOperator connect - Connect to okta-devok12.okta.com/75.2.37.199:443 timed out. Connection will be retried using another IP address▼
2023-01-30T12:42:12.825+0100 FINE org.apache.http.impl.conn.DefaultHttpClientConnectionOperator connect - Connecting to okta-devok12.okta.com/99.83.233.105:443▼
2023-01-30T12:42:12.826+0100 FINE org.apache.http.conn.ssl.SSLConnectionSocketFactory connectSocket - Connecting socket to okta-devok12.okta.com/99.83.233.105:443 with timeout 0▼
|2023-01-30T12:42:33.870+0100 FINE org.apache.http.impl.conn.LoggingManagedHttpClientConnection shutdown - http-outgoing-0: Shutdown connection▼
2023-01-30T12:42:33.870+0100 FINE org.apache.http.impl.execchain.ConnectionHolder abortConnection - Connection discarded▼
2023-01-30T12:42:33.871+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager releaseConnection - Connection released: [id: 0][route: {s}->https://okta-devok12.okta.com:443][total available: 0; route allocated: 0 of 2; total allocated: 0 of 20]▼
2023-01-30T12:42:33.871+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager shutdown - Connection manager is shutting down▼
2023-01-30T12:42:33.871+0100 FINE org.apache.http.impl.conn.PoolingHttpClientConnectionManager shutdown - Connection manager shut down▼

org.apache.http.conn.HttpHostConnectException: Connect to okta-devok12.okta.com:443 [okta-devok12.okta.com/75.2.37.199, okta-devok12.okta.com/99.83.233.105] failed: Connection timed out: connect
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:156)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
        at com.okta.cli.common.service.DefaultStartRestClient.post(DefaultStartRestClient.java:124)
        at com.okta.cli.common.service.DefaultStartRestClient.post(DefaultStartRestClient.java:111)
        at com.okta.cli.common.service.DefaultOktaOrganizationCreator.createNewOrg(DefaultOktaOrganizationCreator.java:33)
        at com.okta.cli.common.service.DefaultSetupService.createOktaOrg(DefaultSetupService.java:118)
        at com.okta.cli.commands.Register.runCommand(Register.java:86)
        at com.okta.cli.commands.BaseCommand.call(BaseCommand.java:41)
        at com.okta.cli.commands.BaseCommand.call(BaseCommand.java:26)
        at picocli.CommandLine.executeUserObject(CommandLine.java:1953)
        at picocli.CommandLine.access$1300(CommandLine.java:145)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
        at picocli.CommandLine.execute(CommandLine.java:2078)
        at com.okta.cli.OktaCli.run(OktaCli.java:68)
        at com.okta.cli.OktaCli.main(OktaCli.java:58)
Caused by: java.net.ConnectException: Connection timed out: connect
        at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_ARRAY_ConnectException_constructor_026ed3e065cc052585fca43de83265b2d1381f28(JNIJavaCallWrappers.java:0)
        at com.oracle.svm.jni.functions.JNIFunctions$NewObjectWithObjectArrayArgFunctionPointer.invoke(JNIFunctions.java)
        at com.oracle.svm.jni.functions.JNIFunctions.ThrowNew(JNIFunctions.java:900)
        at java.net.PlainSocketImpl.connect0(PlainSocketImpl.java)
        at java.net.PlainSocketImpl.socketConnect(PlainSocketImpl.java:101)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:237)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:609)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:368)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

I have the http_proxy and https_proxy variables set

@bdemers
Copy link
Contributor

bdemers commented Jan 30, 2023

Try setting the properties:

-Dokta.client.proxy.host=<your proxy host>
-Dokta.client.proxy.port=<your proxy port>

If you need auth, you can set ...username and ...password too.
You can also add these values to ~/.okta/okta.yaml.

@szantopeter
Copy link
Author

It doesn't seem to work. I got this

okta -Dokta.client.proxy.host=<<my proxy>> -Dokta.client.proxy.port=8080 register
Unmatched arguments from index 1: '.client.proxy.host=<<my proxy>>', '.client.proxy.port=8080'
Did you mean: generate-completion or start or register?

@bdemers
Copy link
Contributor

bdemers commented Jan 31, 2023

Sorry @szantopeter, it looks like the okta.client.proxy.* are not used on all the commands/endpoints (specifically, they are not used for start and register)

You should be able to register manually at https://developer.okta.com/signup, and then run okta login (which will prompt you for connection info). After that, you can run the okta apps command (but not start).

@bdemers bdemers added the bug Something isn't working label Jan 31, 2023
@bdemers
Copy link
Contributor

bdemers commented Jan 31, 2023

Implementation note: Ensure proxy config is used for all endpoints (currently new account signup register and downloading the list of samples start do not use the proxy info)

@szantopeter
Copy link
Author

the command

okta apps 

doesn't work either, because it would also require the proxy. I was able to register myself and register my apps through the web UI so there is a workaround, but if there is a CLI then it would be nice to use it.

@cvchavez2
Copy link

Any follow up on this? Running into the same problem when working behind a proxy and creating an app:
okta apps create

@sseekamp0
Copy link

Same issue here... any solutions to this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants