
2.6 KiB

Account Choooser UI Application


This is Web application created in response to Issue #39 to permit the Client AuthenticationFilter to speak to multiple OpenID Connect Servers. The protocol between the Clinent and the Account Chooser UI application is documented the of the openid-connect-client submodule.


Configure AccountChooserController via configuring a AccountChooserConfig bean in the spring-servlet.xml like so:

<bean name="AccountChooserConfig" class="org.mitre.account_chooser.AccountChooserConfig">
	<property name="issuers">
			<entry key="">
				<bean class="org.mitre.account_chooser.OIDCServer">
					<property name="name" value="Example Server" />
	<property name="validClientIds" value="FGWEUIASJK, IUYTTYEV, GFHDSFYD" />

The keys must match those found in the OpenIdConnectAuthenticationFilter's configuration like so:

<bean id="openIdConnectAuthenticationFilter"
	<property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> 
	<property name="authenticationManager" ref="authenticationManager" />
	<property name="accountChooserURI"
		value="" />
	<property name="accountChooserClientID" value="FGWEUIASJK" />
	<property name="oidcServerConfigs">
			<entry key="">
				<bean class="org.mitre.openid.connect.client.OIDCServerConfiguration">
					<property name="authorizationEndpointURI" 
						value="" />
					<property name="tokenEndpointURI" 
						value="" />
					<property name="checkIDEndpointURI" 
						value="" />
					<property name="clientId" 
						value="someClientId" /> 
					<property name="clientSecret" value="someClientSecret" />
			. . . 

Test the Default Configuration

To test the default config, deploy to a servlet container, and request:


Click Submit or Cancel, and you will be Google will open. Study the URL parameters of each.