github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9f16f309bd'
${ noResults }
OpenID-Connect-Java-Spring-.../account-chooser/README.md

2.5 KiB
Raw Blame History

Account Choooser UI Application

Overview

This is Web application created in response to Issue #39 to permit the Client AuthenticationFilter to speak to multiple OpenID Connect Servers. The protocol between the Clinent and the Account Chooser UI application is documented the README.md of the openid-connect-client submodule.

Configuration

Configure AccountChooserController via configuring a AccountChooserConfig bean in the spring-servlet.xml like so:

<bean name="AccountChooserConfig" class="org.mitre.account_chooser.AccountChooserConfig">
	<property name="issuers">
		<map>
			<entry key="http://sever.example.com:8080/openid-connect-server">
				<bean class="org.mitre.account_chooser.OIDCServer">
					<property name="name" value="Example Server" />
				</bean>
			</entry>
		</map>
	</property>
	<property name="validClientIds" value="FGWEUIASJK, IUYTTYEV, GFHDSFYD" />
</bean>

The keys must match those found in the OpenIdConnectAuthenticationFilter's configuration like so:

<bean id="openIdConnectAuthenticationFilter"
	class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter">
	<property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> 
	<property name="authenticationManager" ref="authenticationManager" />
	<property name="accountChooserURI"
		value="http://sever.example.com:8080/account-chooser" />
	<property name="accountChooserClientID" value="FGWEUIASJK" />
	<property name="oidcServerConfigs">
		<map>
			<entry key="http://sever.example.com:8080/Fopenid-connect-server">
				<bean class="org.mitre.openid.connect.client.OIDCServerConfiguration">
					<property name="authorizationEndpointURI" 
						value="http://sever.example.com:8080/openid-connect-server/oauth/authorize" />
					<property name="tokenEndpointURI" 
						value="http://sever.example.com:8080/openid-connect-server/oauth/token" />
					<property name="checkIDEndpointURI" 
						value="http://sever.example.com:8080/openid-connect-server/checkid" />
					<property name="clientId" 
						value="someClientId" /> 
					<property name="clientSecret" value="someClientSecret" />
				</bean>
			</entry>
			. . .

Test the Default Configuration

To test the default config, deploy to a servlet container, and request:

http://localhost:8080/account-chooser/?redirect_uri=http://www.google.com&client_id=FGWEUIASJK

Click Submit or Cancel, and Google will open. Study the URL parameters of each.