Created Client configuration (markdown)
parent
7464c49e0a
commit
91176ed232
|
@ -0,0 +1,58 @@
|
|||
The client portion of MITREid Connect is usable as a Spring Security filter. The [Simple Web App](https://github.com/mitreid-connect/simple-web-app) project has an [example configuration](https://github.com/mitreid-connect/simple-web-app/blob/master/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml) for this filter in the context of a working application. This page describes the different components.
|
||||
|
||||
# Auth Provider
|
||||
|
||||
## Named administrator configuration
|
||||
|
||||
# Filter
|
||||
|
||||
There is one filter class `org.mitre.openid.connect.client.OIDCAuthenticationFilter` that handles all client (or "Relying Party") functions. It is configurable for use in different modes through the use of four different properties that can be wired through different beans as described below:
|
||||
|
||||
* `issuerService`: Determines which OpenID Connect Issuer (server) to connect to
|
||||
* `serverConfigurationService`: Provides the configuration parameters of each OpenID Connect Issuer
|
||||
* `clientConfigurationService`: Provides the configuration parameters for this client to connect to each OpenID Connect Issuer
|
||||
* `authRequestUrlBuilder`: Crafts the URL used to redirect the user to the OpenID Connect server
|
||||
|
||||
## Issuer Service
|
||||
|
||||
### Static Issuer Service
|
||||
|
||||
Always sends the user to the same issuer, very useful for tightly-coupled deployments.
|
||||
|
||||
### Third-Party Issuer Service
|
||||
|
||||
Defers to an Account Chooser to determine the issuer, expects callbacks to follow the format of the OpenID Connect [third party client login initiation protocol](http://openid.net/specs/openid-connect-standard-1_0.html#client_Initiate_login).
|
||||
|
||||
### Webfinger Discovery Issuer Service
|
||||
|
||||
Takes in input from a user form and does discovery based on the Webfinger protocol.
|
||||
|
||||
## Server Configuration
|
||||
|
||||
### Static Server Configuration
|
||||
|
||||
Provides server information such as authorization endpoint url, issuer, and other parameters for each configured issuer.
|
||||
|
||||
### Dynamically Discovered Server Configuration
|
||||
|
||||
Dynamically discovers server information for an issuer based on the [OpenID Connect Discovery protocol](http://openid.net/specs/openid-connect-discovery-1_0.html).
|
||||
|
||||
## Client Configuration
|
||||
|
||||
### Static Client Configuration
|
||||
|
||||
Provides information for a pre-registered client to connect to a server.
|
||||
|
||||
### Dynamically Registered Client Configuration
|
||||
|
||||
Dynamically registers the client for each issuer based on the template of client information.
|
||||
|
||||
## Authorization Request URL Builder
|
||||
|
||||
### Plain Authorization Request
|
||||
|
||||
Builds the URL using normal HTTP parameters.
|
||||
|
||||
### Signed Authorization Request
|
||||
|
||||
Builds the URL using a signed Request Object. This also requires configuration (and generation) of a [json web key set](wiki/Keys).
|
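Review bot: The `# Auth Provider` and `## Named administrator configuration` headings at the top of the new page have no body text, so the page goes out with the authentication provider and the administrator setup undocumented. Add at least a sentence under each, or leave the headings out until the content exists. Under "Third-Party Issuer Service" and "Webfinger Discovery Issuer Service" the issuer comes from an Account Chooser callback or from user form input, and the text does not say whether the set of accepted issuers can be restricted. A sentence on that would help anyone deploying those two modes. The `[json web key set](wiki/Keys)` link is relative, unlike the other links on the page, and may not resolve everywhere the wiki page is rendered. The two openid.net links use `http://` and could point at `https://` instead.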