MITREid Connect Client Library

MITREid Connect is an open-source OpenID Connect implementation in Java for the Spring Framework, with a client library implemented as a servlet filter. This guide integrates the client library's example application with Curity Identity Server.

Prerequisites

To follow this guide you need a few developer tools:

  • Git
  • Maven
  • Java 8 JDK
  • The JDK needs to trust the certificate of Curity Identity Server

Note

This guide assumes that an OAuth profile with the issuer https://localhost:8443/oauth/v2/anonymous is set up and that OpenID Connect Metadata is enabled.

Create configuration for OIDC App

Configure Curity Identity Server

admin@localhost% edit profiles profile oauth2 oauth-service settings authorization-server client-store config-backed client mitreid
[ok][2017-08-23 07:43:18]

admin@localhost% set scope openid
[ok][2017-08-23 07:44:32]

admin@localhost% set capabilities code
[ok][2017-08-23 07:44:37]

admin@localhost% set secret !QAZxsw2
[ok][2017-08-23 07:46:04]

admin@localhost% set redirect-uris http://localhost:8080/openid_connect_login
[ok][2017-08-23 07:48:23]

admin@localhost% commit
Commit complete.
[ok][2017-08-23 07:49:14]

Check Out the Sample Application

Clone sample application

git clone https://github.com/mitreid-connect/simple-web-app

Add Curity Identity Server as a trusted issuer

Edit the servlet context src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml. Find the StaticClientConfigurationService bean, and add a client to the clients map.

Static client configuration

<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
  <property name="clients">
    <map>
      <entry key="https://localhost:8443/oauth/v2/anonymous">
        <bean class="org.mitre.oauth2.model.RegisteredClient">
          <property name="clientId" value="mitreid"/>
          <property name="clientSecret" value="!QAZxsw2"/>
          <property name="scope">
            <set value-type="java.lang.String">
              <value>openid</value>
            </set>
          </property>
          <property name="tokenEndpointAuthMethod" value="SECRET_BASIC"/>
          <property name="redirectUris">
            <set>
              <value>http://localhost:8080/openid_connect_login</value>
            </set>
          </property>
        </bean>
      </entry>
    </map>
  </property>
</bean>

This configuration adds a client that will use the credentials provided, and will ask Curity Identity Server for the scope openid.
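
A pre-flight check for the configuration above, as an added example that is not part of the original tutorial or of MITREid Connect: it compares an OpenID Connect metadata document with the values the static client bean expects. The sample documents are constructed, their endpoint paths are placeholders, and the function names are this example's own.

```python
import json
from urllib.parse import urlsplit

# Issuer taken from the static client configuration on this page.
ISSUER = "https://localhost:8443/oauth/v2/anonymous"

def discovery_url(issuer):
    # OpenID Connect Discovery appends the well-known path to the issuer.
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_metadata(issuer, md):
    """Return a list of problems; an empty list means the client config fits."""
    problems = []
    # Discovery requires the advertised issuer to be identical to the one the
    # client was given; the clients map is keyed on this exact string.
    if md.get("issuer") != issuer:
        problems.append("issuer mismatch: %r" % md.get("issuer"))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(md.get(key) or "").scheme != "https":
            problems.append(key + " missing or not https")
    # The client was given the "code" capability.
    if "code" not in md.get("response_types_supported", []):
        problems.append("code response type not advertised")
    # scopes_supported is optional, so only check it when present.
    if "openid" not in md.get("scopes_supported", ["openid"]):
        problems.append("openid scope not advertised")
    # SECRET_BASIC in the bean is client_secret_basic, also the spec default.
    methods = md.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_basic" not in methods:
        problems.append("client_secret_basic not advertised")
    return problems

# Constructed sample metadata (endpoint paths are placeholders, not Curity's).
GOOD = json.loads("""{
  "issuer": "https://localhost:8443/oauth/v2/anonymous",
  "authorization_endpoint": "https://localhost:8443/example/authorize",
  "token_endpoint": "https://localhost:8443/example/token",
  "jwks_uri": "https://localhost:8443/example/jwks",
  "response_types_supported": ["code"],
  "scopes_supported": ["openid"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic"]
}""")
# Same document with a trailing slash on the issuer and no basic auth.
BAD = dict(GOOD, issuer=ISSUER + "/",
           token_endpoint_auth_methods_supported=["private_key_jwt"])

if __name__ == "__main__":
    print(discovery_url(ISSUER), check_metadata(ISSUER, GOOD))
    print(check_metadata(ISSUER, BAD))
```

Against a running server, fetch the document from discovery_url(ISSUER) with an HTTP client that trusts the server certificate and pass the parsed JSON to check_metadata.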

Run the sample app

Build and run the sample app

mvn jetty:run -Dorg.eclipse.jetty.annotations.maxWait=320

It takes a while to start; wait until [INFO] Started ServerConnector@123307c4{HTTP/1.1}{0.0.0.0:8080} appears.

To test the application, access http://localhost:8080/ in a browser and press Log In.

You will be presented with a form where you should enter the issuer, https://localhost:8443/oauth/v2/anonymous.

You should be redirected to Curity Identity Server to log in using an existing authenticator, and then be redirected back to the sample web app in a logged-in state.
