Curity MITREid Connect client library

MITREid Connect Client Library

On this page

MITREid Connect is an open-source OpenID Connect Implementation in java for the Spring Framework, with a client library implemented as a servlet filter. This guide will integrate the example application of the client library, with Curity Identity Server.


To follow this guide you need a few developer tools

  • Git
  • Maven
  • Java 8 JDK
  • The JDK need to trust the certificate of Curity Identity Server


This guide assumes that a OAuth profile with the issuer https://localhost:8443/oauth/v2/anonymous is setup and OpenID Connect Metadata needs to be enabled.

Create configuration for OIDC App

Configure Curity Identity Server

admin@localhost% edit profiles profile oauth2 oauth-service settings authorization-server client-store config-backed client mitreid
[ok][2017-08-23 07:43:18]
admin@localhost% set scope openid
[ok][2017-08-23 07:44:32]
admin@localhost% set capabilities code
[ok][2017-08-23 07:44:37]
admin@localhost% set secret !QAZxsw2
[ok][2017-08-23 07:46:04]
admin@localhost% set redirect-uris http://localhost:8080/openid_connect_login
[ok][2017-08-23 07:48:23]
admin@localhost% commit
Commit complete.
[ok][2017-08-23 07:49:14]

Checkout the Sample Application

Clone sample application

git clone

Add Curity Identity Server as a trusted issuer

Edit the servlet context src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml. Find the StaticClientConfigurationService bean, and add a client to the clients map.

Static client configuration

<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<entry key="https://localhost:8443/oauth/v2/anonymous">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="mitreid"/>
<property name="clientSecret" value="!QAZxsw2"/>
<property name="scope">
<set value-type="java.lang.String">
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC"/>
<property name="redirectUris">

This configuration adds a client that will use the credentials provided, and will ask Curity Identity Server for the scope openid.

Run the sample app

Build and run the sample app

mvn jetty:run -Dorg.eclipse.jetty.annotations.maxWait=320

It takes a while to start, wait until [INFO] Started ServerConnector@123307c4{HTTP/1.1}{} turns up.

To test the application, access http://localhost:8080/ in a browser and press Log In.

You will be presented by a form where you should enter the issuer, https://localhost:8443/oauth/v2/anonymous.

You should be redirected to Curity Identity Server to log in using an existing authenticator, and then be redirected to the sample web app, with a logged in state.