OpenID-Connect-Java-Spring-.../openid-connect-client/README.md

# OpenID Connect Client

## Overview 

This is the Client, a Spring Security AuthenticationFilter, to OpenID Connect Java Spring Server described by [OpenID Connect Standard].

## Configuration of OIDCAuthenticationFilter

Configure the OIDCAuthenticationFilter by adding the XML to your application context security like so:

	<security:http auto-config="false" 
		use-expressions="true"
		disable-url-rewriting="true" 
		entry-point-ref="authenticationEntryPoint" 
		pattern="/**">

		<security:intercept-url 
			pattern="/somepath/**" 
			access="denyAll" />

		<security:custom-filter 
			before="PRE_AUTH_FILTER 
			ref="openIdConnectAuthenticationFilter" />
	
		<security:intercept-url 
			pattern="/**" 
			access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" /> 
		
		<security:logout />
		
		<securityLremember-me user-service-ref="myUserDetailsService"
	</security:http>
	
	<bean id="authenticationEntryPoint" 
		class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
		<property name="loginFormUrl" 
			value="/openid_connect_login"/> 
	</bean>
	
	<security:authentication-manager alias="authenticationManager" /> 

	<bean id="openIdConnectAuthenticationProvider"
		class='org.mitre.openid.connect.client.OIDCAuthenticationProvider">
		<property name="userDetaulsService" ref="myUserDetailsService"/>
	</bean>

	<bean id="openIdConnectAuthenticationFilter"
		class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter">
		<property name="authenticationManager"
			ref="authenticationManager" />
		<property name="errorRedirectURI" 
			value="/login.jsp?authfail=openid" />
		<property name="authorizationEndpointURI" 
			value="http://sever.example.com:8080/openid-connect-server/oauth/authorize" />
		<property name="tokenEndpointURI" 
			value="http://sever.example.com:8080/openid-connect-server/oauth/token" />
		<property name="checkIDEndpointURI" 
			value="http://sever.example.com:8080/openid-connect-server/checkid" />
		<property name="clientId" 
			value="someClientId" /> 
		<property name="clientSecret" value="someClientSecret" /> 
	</bean>

You will need to implement your own UserDetailsService and configure as the above does with the reference to *myUserDetailsService*.

## Configuration of OIDCAuthenticationUsingChooserFilter

The OIDCAuthenticationUsingChooserFilter was written in response to [Issue #39].

Th Authentication Filter use the *oidcServerConfigs* property, a map of OIDC servers, an *accountChooserURI* property to denote the URI of the Account Chooser, and an *accountChooserClient* property to identify the Client to the Account Chooser UI application like so:
	
	<bean id="openIdConnectAuthenticationFilter"
		class="org.mitre.openid.connect.client.OIDCAuthenticationUsingChooserFilter">
		<property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> 
		<property name="authenticationManager" ref="authenticationManager" />
		<property name="accountChooserURI"
			value="http://sever.example.com:8080/account-chooser" />
		<property name="accountChooserClientID" value="FGWEUIASJK" />
		<property name="oidcServerConfigs">
			<map>
				<entry key="http://sever.example.com:8080/Fopenid-connect-server">
					<bean class="org.mitre.openid.connect.client.OIDCServerConfiguration">
						<property name="authorizationEndpointURI" 
							value="http://sever.example.com:8080/openid-connect-server/oauth/authorize" />
						<property name="tokenEndpointURI" 
							value="http://sever.example.com:8080/openid-connect-server/oauth/token" />
						<property name="checkIDEndpointURI" 
							value="http://sever.example.com:8080/openid-connect-server/checkid" />
						<property name="clientId" 
							value="someClientId" /> 
						<property name="clientSecret" value="someClientSecret" />
					</bean>
				</entry>
				<entry key=". . .
			</map>
		</property>
	</bean>
	
Again, you will need to implement your own UserDetailsService and configure as the above does with the reference to *myUserDetailsService*.	

[OpenID Connect Standard]: http://openid.net/specs/openid-connect-standard-1_0.html "OpenID Connect Standard 1.0"
[OpenID Connect Standard]: http://openid.net/specs/openid-connect-standard-1_0.html#code_flow "Authorization Code Flow, OpenID Connect Standard"
[Issuer Identifier]: http://openid.net/specs/openid-connect-messages-1_0.html#issuer_identifier "Issuer Identifier"
[Issue #39]: http://github.com/jricher/OpenID-Connect-Java-Spring-Server/issues/39 "Issue #39 -- Multiple Point Client"
issue #39 13 years ago			`# OpenID Connect Client`

			`## Overview`

			`This is the Client, a Spring Security AuthenticationFilter, to OpenID Connect Java Spring Server described by [OpenID Connect Standard].`

mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`## Configuration of OIDCAuthenticationFilter`
issue #39 13 years ago
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`Configure the OIDCAuthenticationFilter by adding the XML to your application context security like so:`
issue #39 13 years ago
			`<security:http auto-config="false"`
			`use-expressions="true"`
			`disable-url-rewriting="true"`
			`entry-point-ref="authenticationEntryPoint"`
			`pattern="/**">`

			`<security:intercept-url`
			`pattern="/somepath/**"`
			`access="denyAll" />`

			`<security:custom-filter`
			`before="PRE_AUTH_FILTER`
			`ref="openIdConnectAuthenticationFilter" />`

			`<security:intercept-url`
			`pattern="/**"`
			`access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />`

			`<security:logout />`

			`<securityLremember-me user-service-ref="myUserDetailsService"`
			`</security:http>`

			`<bean id="authenticationEntryPoint"`
			`class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">`
			`<property name="loginFormUrl"`
			`value="/openid_connect_login"/>`
			`</bean>`

			`<security:authentication-manager alias="authenticationManager" />`

			`<bean id="openIdConnectAuthenticationProvider"`
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`class='org.mitre.openid.connect.client.OIDCAuthenticationProvider">`
issue #39 13 years ago			`<property name="userDetaulsService" ref="myUserDetailsService"/>`
			`</bean>`

			`<bean id="openIdConnectAuthenticationFilter"`
			`class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter">`
			`<property name="authenticationManager"`
			`ref="authenticationManager" />`
			`<property name="errorRedirectURI"`
			`value="/login.jsp?authfail=openid" />`
			`<property name="authorizationEndpointURI"`
readme tweaks. 13 years ago			`value="http://sever.example.com:8080/openid-connect-server/oauth/authorize" />`
issue #39 13 years ago			`<property name="tokenEndpointURI"`
readme tweaks. 13 years ago			`value="http://sever.example.com:8080/openid-connect-server/oauth/token" />`
issue #39 13 years ago			`<property name="checkIDEndpointURI"`
			`value="http://sever.example.com:8080/openid-connect-server/checkid" />`
			`<property name="clientId"`
			`value="someClientId" />`
			`<property name="clientSecret" value="someClientSecret" />`
			`</bean>`

			`You will need to implement your own UserDetailsService and configure as the above does with the reference to myUserDetailsService.`

mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`## Configuration of OIDCAuthenticationUsingChooserFilter`
issue #39 13 years ago
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`The OIDCAuthenticationUsingChooserFilter was written in response to [Issue #39].`
issue #39 13 years ago
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`Th Authentication Filter use the oidcServerConfigs property, a map of OIDC servers, an accountChooserURI property to denote the URI of the Account Chooser, and an accountChooserClient property to identify the Client to the Account Chooser UI application like so:`
issue #39 13 years ago
			`<bean id="openIdConnectAuthenticationFilter"`
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`class="org.mitre.openid.connect.client.OIDCAuthenticationUsingChooserFilter">`
issue #39 13 years ago			`<property name="errorRedirectURI" value="/login.jsp?authfail=openid" />`
			`<property name="authenticationManager" ref="authenticationManager" />`
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`<property name="accountChooserURI"`
issue #39 13 years ago			`value="http://sever.example.com:8080/account-chooser" />`
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`<property name="accountChooserClientID" value="FGWEUIASJK" />`
issue #39 13 years ago			`<property name="oidcServerConfigs">`
			`<map>`
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`<entry key="http://sever.example.com:8080/Fopenid-connect-server">`
issue #39 13 years ago			`<bean class="org.mitre.openid.connect.client.OIDCServerConfiguration">`
			`<property name="authorizationEndpointURI"`
readme tweaks. 13 years ago			`value="http://sever.example.com:8080/openid-connect-server/oauth/authorize" />`
issue #39 13 years ago			`<property name="tokenEndpointURI"`
readme tweaks. 13 years ago			`value="http://sever.example.com:8080/openid-connect-server/oauth/token" />`
issue #39 13 years ago			`<property name="checkIDEndpointURI"`
			`value="http://sever.example.com:8080/openid-connect-server/checkid" />`
			`<property name="clientId"`
			`value="someClientId" />`
			`<property name="clientSecret" value="someClientSecret" />`
			`</bean>`
			`</entry>`
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`<entry key=". . .`
issue #39 13 years ago			`</map>`
			`</property>`
			`</bean>`

mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`Again, you will need to implement your own UserDetailsService and configure as the above does with the reference to myUserDetailsService.`
issue #39 13 years ago
			`[OpenID Connect Standard]: http://openid.net/specs/openid-connect-standard-1_0.html "OpenID Connect Standard 1.0"`
			`[OpenID Connect Standard]: http://openid.net/specs/openid-connect-standard-1_0.html#code_flow "Authorization Code Flow, OpenID Connect Standard"`
mods to reflect client <-> account chooser protocol, and refactoring... 13 years ago			`[Issuer Identifier]: http://openid.net/specs/openid-connect-messages-1_0.html#issuer_identifier "Issuer Identifier"`
issue #39 13 years ago			`[Issue #39]: http://github.com/jricher/OpenID-Connect-Java-Spring-Server/issues/39 "Issue #39 -- Multiple Point Client"`