Curity MITREid Connect client library

MITREid Connect Client Library

On this page

MITREid Connect is an open-source OpenID Connect Implementation in java for the Spring Framework, with a client library implemented as a servlet filter. This guide will integrate the example application of the client library, with Curity Identity Server.


To follow this guide you need a few developer tools

  • Git
  • Maven
  • Java 8 JDK
  • The JDK need to trust the certificate of Curity Identity Server


This guide assumes that a OAuth profile with the issuer https://localhost:8443/oauth/v2/anonymous is setup and OpenID Connect Metadata needs to be enabled.

Create configuration for OIDC App

Configure Curity Identity Server

admin@localhost% edit profiles profile oauth2 oauth-service settings authorization-server client-store config-backed client mitreid
[ok][2017-08-23 07:43:18]
admin@localhost% set scope openid
[ok][2017-08-23 07:44:32]
admin@localhost% set capabilities code
[ok][2017-08-23 07:44:37]
admin@localhost% set secret !QAZxsw2
[ok][2017-08-23 07:46:04]
admin@localhost% set redirect-uris http://localhost:8080/openid_connect_login
[ok][2017-08-23 07:48:23]
admin@localhost% commit
Commit complete.
[ok][2017-08-23 07:49:14]

Checkout the Sample Application

Clone sample application

git clone

Add Curity Identity Server as a trusted issuer

Edit the servlet context src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml. Find the StaticClientConfigurationService bean, and add a client to the clients map.

Static client configuration

<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<entry key="https://localhost:8443/oauth/v2/anonymous">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="mitreid"/>
<property name="clientSecret" value="!QAZxsw2"/>
<property name="scope">
<set value-type="java.lang.String">
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC"/>
<property name="redirectUris">

This configuration adds a client that will use the credentials provided, and will ask Curity Identity Server for the scope openid.

Run the sample app

Build and run the sample app

mvn jetty:run -Dorg.eclipse.jetty.annotations.maxWait=320

It takes a while to start, wait until [INFO] Started ServerConnector@123307c4{HTTP/1.1}{} turns up.

To test the application, access http://localhost:8080/ in a browser and press Log In.

You will be presented by a form where you should enter the issuer, https://localhost:8443/oauth/v2/anonymous.

You should be redirected to Curity Identity Server to log in using an existing authenticator, and then be redirected to the sample web app, with a logged in state.

Join our Newsletter

Get the latest on identity management, API Security and authentication straight to your inbox.

Start Free Trial

Try the Curity Identity Server for Free. Get up and running in 10 minutes.

Start Free Trial