
MITREid Connect Client Library
MITREid Connect is an open-source OpenID Connect implementation in Java for the Spring Framework, with a client library implemented as a servlet filter. This guide integrates the client library's example application with Curity Identity Server.
Prerequisites
To follow this guide you need a few developer tools:
- Git
- Maven
- Java 8 JDK
- The JDK needs to trust the TLS certificate of Curity Identity Server
Note
This guide assumes that an OAuth profile with the issuer https://localhost:8443/oauth/v2/anonymous is set up and that OpenID Connect metadata is enabled on it.
Create configuration for OIDC App
Configure Curity Identity Server
admin@localhost% edit profiles profile oauth2 oauth-service settings authorization-server client-store config-backed client mitreid
[ok][2017-08-23 07:43:18]
admin@localhost% set scope openid
[ok][2017-08-23 07:44:32]
admin@localhost% set capabilities code
[ok][2017-08-23 07:44:37]
admin@localhost% set secret !QAZxsw2
[ok][2017-08-23 07:46:04]
admin@localhost% set redirect-uris http://localhost:8080/openid_connect_login
[ok][2017-08-23 07:48:23]
admin@localhost% commit
Commit complete.
[ok][2017-08-23 07:49:14]
Checkout the Sample Application
Clone sample application
git clone https://github.com/mitreid-connect/simple-web-app
Add Curity Identity Server as a trusted issuer
Edit the servlet context src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml. Find the StaticClientConfigurationService bean, and add a client to the clients map.
Static client configuration
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
    <property name="clients">
        <map>
            <entry key="https://localhost:8443/oauth/v2/anonymous">
                <bean class="org.mitre.oauth2.model.RegisteredClient">
                    <property name="clientId" value="mitreid"/>
                    <property name="clientSecret" value="!QAZxsw2"/>
                    <property name="scope">
                        <set value-type="java.lang.String">
                            <value>openid</value>
                        </set>
                    </property>
                    <property name="tokenEndpointAuthMethod" value="SECRET_BASIC"/>
                    <property name="redirectUris">
                        <set>
                            <value>http://localhost:8080/openid_connect_login</value>
                        </set>
                    </property>
                </bean>
            </entry>
        </map>
    </property>
</bean>
This configuration registers Curity Identity Server (keyed by its issuer URL) as a trusted issuer and adds a client that authenticates with the credentials shown and asks Curity Identity Server for the scope openid.
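The static client entry only works if its values line up with what the server actually advertises and has registered: the map key must equal the provider's issuer exactly, the requested scopes and the token endpoint authentication method must be ones the provider supports, and the redirect URI must be one registered for the client. The following script is an added example, not code from the Curity guide or the MITREid Connect project; it parses a copy of the bean above and cross-checks it against a constructed stand-in for the provider's discovery document (its endpoint paths are placeholders) and against the client values entered in the CLI session above.

```python
"""Cross-check the MITREid static client entry against the provider's
OpenID Connect discovery document and the client registered in Curity.
Added example; inputs are constructed inline from the values in the guide."""
import json
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans"}
VALUE_TAG = "{%s}value" % NS["b"]
# MITREid AuthMethod enum name -> OIDC token_endpoint_auth_method value
AUTH_METHODS = {
    "SECRET_BASIC": "client_secret_basic", "SECRET_POST": "client_secret_post",
    "SECRET_JWT": "client_secret_jwt", "PRIVATE_KEY": "private_key_jwt", "NONE": "none",
}

# Constructed: the bean from the guide, wrapped in the Spring <beans> root element.
SERVLET_CONTEXT = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService"
        id="staticClientConfigurationService">
    <property name="clients">
      <map>
        <entry key="https://localhost:8443/oauth/v2/anonymous">
          <bean class="org.mitre.oauth2.model.RegisteredClient">
            <property name="clientId" value="mitreid"/>
            <property name="clientSecret" value="!QAZxsw2"/>
            <property name="scope">
              <set value-type="java.lang.String"><value>openid</value></set>
            </property>
            <property name="tokenEndpointAuthMethod" value="SECRET_BASIC"/>
            <property name="redirectUris">
              <set><value>http://localhost:8080/openid_connect_login</value></set>
            </property>
          </bean>
        </entry>
      </map>
    </property>
  </bean>
</beans>"""

# Constructed stand-in for <issuer>/.well-known/openid-configuration; endpoint paths are placeholders.
DISCOVERY_DOC = json.loads("""{
  "issuer": "https://localhost:8443/oauth/v2/anonymous",
  "authorization_endpoint": "https://localhost:8443/oauth/v2/placeholder-authorize",
  "token_endpoint": "https://localhost:8443/oauth/v2/placeholder-token",
  "jwks_uri": "https://localhost:8443/oauth/v2/placeholder-jwks",
  "response_types_supported": ["code", "id_token", "code id_token"],
  "scopes_supported": ["openid", "profile", "email"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")

# Constructed from the Curity CLI session in the guide.
REGISTERED_CLIENT = {
    "client_id": "mitreid",
    "scopes": {"openid"},
    "redirect_uris": {"http://localhost:8080/openid_connect_login"},
}


def parse_static_clients(xml_text):
    """Return {issuer: client settings} from the StaticClientConfigurationService bean."""
    root = ET.fromstring(xml_text)
    svc = root.find(".//b:bean[@id='staticClientConfigurationService']", NS)
    clients = {}
    for entry in svc.findall("b:property[@name='clients']/b:map/b:entry", NS):
        props = {p.get("name"): p
                 for p in entry.find("b:bean", NS).findall("b:property", NS)}
        clients[entry.get("key")] = {
            "client_id": props["clientId"].get("value"),
            "scopes": {v.text for v in props["scope"].iter(VALUE_TAG)},
            "auth_method": AUTH_METHODS[props["tokenEndpointAuthMethod"].get("value")],
            "redirect_uris": {v.text for v in props["redirectUris"].iter(VALUE_TAG)},
        }
    return clients


def check_client(issuer_key, client, discovery, registered):
    """List every mismatch that would make the login fail."""
    problems = []
    # The map key is compared as a string with the issuer; even a trailing slash breaks it.
    if issuer_key != discovery["issuer"]:
        problems.append("issuer mismatch: %r != %r" % (issuer_key, discovery["issuer"]))
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("provider does not advertise the code response type")
    missing = client["scopes"] - set(discovery.get("scopes_supported", []))
    if missing:
        problems.append("scopes not supported by provider: %s" % sorted(missing))
    if client["auth_method"] not in discovery.get("token_endpoint_auth_methods_supported", []):
        problems.append("token endpoint auth method %s not supported" % client["auth_method"])
    if client["client_id"] != registered["client_id"]:
        problems.append("client_id %r differs from registered %r"
                        % (client["client_id"], registered["client_id"]))
    not_granted = client["scopes"] - registered["scopes"]
    if not_granted:
        problems.append("scopes not granted to the client: %s" % sorted(not_granted))
    # Redirect URIs are matched exactly by the server; anything unregistered is rejected.
    unregistered = client["redirect_uris"] - registered["redirect_uris"]
    if unregistered:
        problems.append("redirect URIs not registered: %s" % sorted(unregistered))
    return problems


def run_checks(xml_text, discovery=DISCOVERY_DOC, registered=REGISTERED_CLIENT):
    """Map each configured issuer to its list of problems (empty list means consistent)."""
    return {iss: check_client(iss, c, discovery, registered)
            for iss, c in parse_static_clients(xml_text).items()}


if __name__ == "__main__":
    for issuer, problems in run_checks(SERVLET_CONTEXT).items():
        print(issuer, "OK" if not problems else problems)
```

Against a live server, replace DISCOVERY_DOC with the JSON fetched from the issuer's /.well-known/openid-configuration; the issuer check is the one that most often fails in practice, because MITREid looks the issuer up by the exact map key while the server compares it byte-for-byte with the iss claim it puts in the ID token.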
Run the sample app
Build and run the sample app
mvn jetty:run -Dorg.eclipse.jetty.annotations.maxWait=320
It takes a while to start; wait until [INFO] Started ServerConnector@123307c4{HTTP/1.1}{0.0.0.0:8080} turns up in the log.
To test the application, access http://localhost:8080/ in a browser and press Log In.
You will be presented with a form where you should enter the issuer, https://localhost:8443/oauth/v2/anonymous.
You should be redirected to Curity Identity Server to log in using an existing authenticator, and then be redirected back to the sample web app in a logged-in state.