MITREid Connect is an open-source OpenID Connect implementation in Java for the Spring Framework, with a client library implemented as a servlet filter. This guide integrates the client library's example application with Curity Identity Server.
Prerequisites
To follow this guide you need a few developer tools:
- Git
- Maven
- Java 8 JDK
- The JDK needs to trust the certificate of Curity Identity Server
Note
This guide assumes that an OAuth profile with the issuer https://localhost:8443/oauth/v2/anonymous is set up and that OpenID Connect Metadata is enabled.
Create configuration for OIDC App
Configure Curity Identity Server
admin@localhost% edit profiles profile oauth2 oauth-service settings authorization-server client-store config-backed client mitreid
[ok][2017-08-23 07:43:18]
admin@localhost% set scope openid
[ok][2017-08-23 07:44:32]
admin@localhost% set capabilities code
[ok][2017-08-23 07:44:37]
admin@localhost% set secret !QAZxsw2
[ok][2017-08-23 07:46:04]
admin@localhost% set redirect-uris http://localhost:8080/openid_connect_login
[ok][2017-08-23 07:48:23]
admin@localhost% commit
Commit complete.
[ok][2017-08-23 07:49:14]
Check out the Sample Application
Clone sample application
git clone https://github.com/mitreid-connect/simple-web-app
Add Curity Identity Server as a trusted issuer
Edit the servlet context src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml.
Find the StaticClientConfigurationService bean, and add a client to the clients map.
Static client configuration
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
  <property name="clients">
    <map>
      <entry key="https://localhost:8443/oauth/v2/anonymous">
        <bean class="org.mitre.oauth2.model.RegisteredClient">
          <property name="clientId" value="mitreid"/>
          <property name="clientSecret" value="!QAZxsw2"/>
          <property name="scope">
            <set value-type="java.lang.String">
              <value>openid</value>
            </set>
          </property>
          <property name="tokenEndpointAuthMethod" value="SECRET_BASIC"/>
          <property name="redirectUris">
            <set>
              <value>http://localhost:8080/openid_connect_login</value>
            </set>
          </property>
        </bean>
      </entry>
    </map>
  </property>
</bean>
This configuration adds a client that will use the credentials provided, and will ask Curity Identity Server for the scope openid.
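A pre-flight check of an OpenID Connect discovery document against the client configured above, as an added example that is not part of the original guide or of MITREid Connect. The sample metadata is constructed and its endpoint paths are assumptions; in practice the document is the one served under the issuer at /.well-known/openid-configuration, as defined by OpenID Connect Discovery.

```python
"""Pre-flight check: does a discovery document fit the static client above?"""
from urllib.parse import urlparse

ISSUER = "https://localhost:8443/oauth/v2/anonymous"
# Mirrors the RegisteredClient bean; SECRET_BASIC is client_secret_basic on the wire.
CLIENT = {
    "scope": {"openid"},
    "token_endpoint_auth_method": "client_secret_basic",
    "redirect_uris": ["http://localhost:8080/openid_connect_login"],
}
# Constructed sample metadata; the endpoint paths are assumptions.
SAMPLE_METADATA = {
    "issuer": ISSUER,
    "authorization_endpoint": "https://localhost:8443/oauth/v2/authorize",
    "token_endpoint": "https://localhost:8443/oauth/v2/token",
    "jwks_uri": "https://localhost:8443/oauth/v2/jwks",
    "response_types_supported": ["code"],
    "scopes_supported": ["openid"],
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def check(issuer, meta, client):
    problems = []
    # Discovery requires the returned issuer to equal the requested one exactly.
    if meta.get("issuer") != issuer:
        problems.append("issuer mismatch: %r" % meta.get("issuer"))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlparse(meta.get(key, "")).scheme != "https":
            problems.append("%s missing or not https" % key)
    if "code" not in meta.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    # scopes_supported is optional; only compare when it is present.
    missing = client["scope"] - set(meta.get("scopes_supported", client["scope"]))
    if missing:
        problems.append("scopes not advertised: %s" % sorted(missing))
    # When omitted, the supported auth methods default to client_secret_basic.
    methods = meta.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if client["token_endpoint_auth_method"] not in methods:
        problems.append("client auth method not supported")
    for uri in client["redirect_uris"]:
        u = urlparse(uri)
        if u.scheme != "https" and u.hostname not in LOOPBACK:
            problems.append("cleartext redirect URI off loopback: " + uri)
    return problems

if __name__ == "__main__":
    print(check(ISSUER, SAMPLE_METADATA, CLIENT) or "metadata matches client config")
```

An empty result means the issuer, flow, scope and client authentication method in the metadata agree with the servlet-context.xml entry; a trailing slash on the issuer is enough to fail the first check.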
Run the sample app
Build and run the sample app
mvn jetty:run -Dorg.eclipse.jetty.annotations.maxWait=320
It takes a while to start; wait until [INFO] Started ServerConnector@123307c4{HTTP/1.1}{0.0.0.0:8080} turns up.
To test the application, access http://localhost:8080/ in a browser and press Log In.
You will be presented with a form where you should enter the issuer, https://localhost:8443/oauth/v2/anonymous.
You should be redirected to Curity Identity Server to log in using an existing authenticator, and then be redirected back to the sample web app in a logged-in state.