From 762fe11ab193b60ce1440132f114de12f59ccd44 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Mon, 17 Mar 2014 16:41:28 -0400 Subject: [PATCH] Update README.md removed outdated configuration information and pointed to wiki, closes #561 --- openid-connect-client/README.md | 125 +------------------------------- 1 file changed, 2 insertions(+), 123 deletions(-) diff --git a/openid-connect-client/README.md b/openid-connect-client/README.md index 13fbb7337..ba97fe29c 100644 --- a/openid-connect-client/README.md +++ b/openid-connect-client/README.md 
@@ -4,130 +4,9 @@ This project contains an OpenID Connect Client implemented as a Spring Security AuthenticationFilter. The client facilitates a user's authentication into the secured application to an OpenID Connect Java Spring Server following the OpenID Connect Standard protocol. -For an example of the Client configuration, see the [Simple Web App] project. - ## Configuring ## -Configure the client by adding the following XML to your application context security making changes where necessary for your specific deployment. +For an example of the Client configuration, see the [Simple Web App](https://github.com/mitreid-connect/simple-web-app) project. -Open and define an HTTP security configuration with a reference to a custom ***AuthenticationEntryPoint***, described below: +Full documentation is available on the [project documentation wiki pages](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration). - - -Specify the access attributes and/or filter list for a particular set of URLs needing protection: - - - -Indicate that ***OIDCAuthenticationFilter*** authentication filter should be incorporated into the security filter chain: - - - -Then close the HTTP security configuration: - - - -Define a custom ***AuthenticationEntryPoint*** to use a login URL via a bean declaration: - - - - - -NOTE: The ***loginFormUrl*** value is post-pended to the URI of the application being secured to define the ***redirect_uri***, the value passed to the OIDC Server and, if the ***OIDCAuthenticationUsingChooserFilter*** is configured, also the Account Chooser Application. - -Define an ***AuthenticationManager*** with a reference to a custom authentication provider, ***OpenIDConnectAuthenticationProvider***: - - - - - -Define the custom authentication provider. Note that it does not take a UserDetailsService as input at this time but instead makes a call to the UserInfoEndpoint to fill in user information. 
- - - -### Configuring the OIDCAuthenticationFilter ### - -The ***OIDCAuthenticationFilter*** filter is defined with the following properties: - -* ***authenticationManager*** -- a reference to the ***AuthenticationManager*** -* ***errorRedirectURI*** -- the URI of the Error redirect - -Additionally, it contains a set of convenience methods to pass through to parameters on the ***OIDCServerConfiguration*** object that defines attributes of the server that it connects to: - -* ***issuer*** -- the root issuer string of this server (required) -* ***authorizationEndpointUrl*** -- the URL of the Authorization Endpoint (required) -* ***tokenEndpointUrl*** -- the URL of the Token Endpoint (required) -* ***jwkSigningUrl*** -- the URL of the JWK (public key) Endpoint for token verification -* ***clientId*** -- the registered client identifier (required) -* ***clientSecret*** -- the registered client secret -* ***userInfoUrl*** -- the URL of the User Info Endpoint -* ***scope*** -- space-separated list of scopes; the required value "openid" will always be prepended to the list given here - -Configure like so: - - - - - - - - - - - - - - -### Configuring the OIDCAuthenticationUsingChooserFilter ### - -For talking to multiple IdPs using an Account chooser, the ***OIDCAuthenticationUsingChooserFilter*** can be configured and used. [The Client -- Account Chooser protocol] documentation details the protocol used between the Client and an Account Chooser application. - -The ***OIDCAuthenticationUsingChooserFilter*** Authentication Filter has the following properties: - -* ***authenticationManager*** -- a reference to the ***AuthenticationManager***, -* ***errorRedirectURI*** -- the URI of the Error redirect, -* ***accountChooserURI*** -- to denote the URI of the Account Chooser, and -* ***accountChooserClient*** -- to identify the Client to the Account Chooser UI application. 
-* ***oidcServerConfigs*** -- a map of ***OIDCserverConfiguration***s to encapsulate the settings necesary for the client to communicate with each respective OIDC server, - -Each ***OIDCServerConfiguration*** entry in ***OIDCserverConfiguration*** map is keyed to the ***issuer*** returned from the Account Chooser Application and enumerates the following properties: - -* ***authenticationManager*** -- a reference to the ***AuthenticationManager***, -* ***issuer*** -- the root issuer string of this server (required) -* ***authorizationEndpointUrl*** -- the URL of the Authorization Endpoint (required) -* ***tokenEndpointUrl*** -- the URL of the Token Endpoint (required) -* ***jwkSigningUrl*** -- the URL of the JWK (public key) Endpoint for token verification -* ***clientId*** -- the registered client identifier (required) -* ***clientSecret*** -- the registered client secret -* ***userInfoUrl*** -- the URL of the User Info Endpoint -* ***scope*** -- space-separated list of scopes; the required value "openid" will always be prepended to the list given here - -Configure like so: - - - - - - - - - - - - - - - - - - - - -
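Review bot: The two added lines under "## Configuring ##" replace the entire in-tree configuration reference with links to the wiki, so the documentation is no longer versioned with the code it describes. The removed text held details a deployer relies on: the NOTE that `loginFormUrl` is appended to the application URI to form the `redirect_uri`, the statement that the scope "openid" is always prepended, and the "(required)" markers on `issuer`, `authorizationEndpointUrl`, `tokenEndpointUrl` and `clientId`. Before merging, confirm the Client-configuration wiki page carries each of these, and consider keeping a short summary of the required properties and the `redirect_uri` note in the README so that a checkout of a given tag still documents its own configuration. The removed property lists also show `jwkSigningUrl` ("for token verification") without a "(required)" marker; if the wiki copy inherits that wording, it is worth stating there what the client does when no JWK URL is configured.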