Client configuration
The client portion of MITREid Connect is usable as a Spring Security filter. The Simple Web App project has an example configuration for this filter in the context of a working application. This page describes the different components.
There is one filter class, org.mitre.openid.connect.client.OIDCAuthenticationFilter, that handles all client (or "Relying Party") functions. It can be configured for different modes through four properties, each of which can be wired to a different bean as described below:
- issuerService: Determines which OpenID Connect Issuer (server) to connect to
- serverConfigurationService: Provides the configuration parameters of each OpenID Connect Issuer
- clientConfigurationService: Provides the configuration parameters for this client to connect to each OpenID Connect Issuer
- authRequestUrlBuilder: Crafts the URL used to redirect the user to the OpenID Connect server
Always sends the user to the same issuer; very useful for tightly-coupled deployments.
Defers to an Account Chooser to determine the issuer and expects callbacks to follow the format of the OpenID Connect third party client login initiation protocol.
Takes in input from a user form and does discovery based on the Webfinger protocol.
Provides server information such as authorization endpoint URL, issuer, and other parameters for each configured issuer.
Dynamically discovers server information for an issuer based on the OpenID Connect Discovery protocol.
Provides information for a pre-registered client to connect to a server.
Dynamically registers the client for each issuer based on the template of client information.
Builds the URL using normal HTTP parameters.
Builds the URL using a signed Request Object. This also requires configuration (and generation) of a JSON Web Key Set.
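The following Spring XML fragment is an added example, not taken from this page or from the project's sample application. It wires the four properties for the tightly-coupled case: one fixed issuer, statically configured endpoints, a pre-registered client and plain HTTP parameters. The implementation class names and bean property names are assumed from the MITREid Connect client library and should be checked against the deployed version; the issuer URL, client id, bean ids, the ${oidc.client.secret} placeholder and the authenticationManager bean are placeholders assumed to be defined elsewhere in the application context.

```xml
<!-- Added example: single-issuer wiring; idp.example.org, ids and secret are placeholders. -->
<bean id="oidcFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
  <property name="authenticationManager" ref="authenticationManager" />
  <property name="issuerService" ref="issuerService" />
  <property name="serverConfigurationService" ref="serverConfig" />
  <property name="clientConfigurationService" ref="clientConfig" />
  <property name="authRequestUrlBuilder" ref="urlBuilder" />
</bean>

<!-- Pins every login to one issuer; no user-supplied issuer is accepted. -->
<bean id="issuerService" class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService">
  <property name="issuer" value="https://idp.example.org/" />
</bean>

<!-- Endpoints are fixed in configuration instead of being discovered at runtime. -->
<bean id="serverConfig" class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService">
  <property name="servers">
    <map>
      <entry key="https://idp.example.org/">
        <bean class="org.mitre.openid.connect.config.ServerConfiguration">
          <property name="issuer" value="https://idp.example.org/" />
          <property name="authorizationEndpointUri" value="https://idp.example.org/authorize" />
          <property name="tokenEndpointUri" value="https://idp.example.org/token" />
          <property name="userInfoUri" value="https://idp.example.org/userinfo" />
          <property name="jwksUri" value="https://idp.example.org/jwk" />
        </bean>
      </entry>
    </map>
  </property>
</bean>

<!-- Pre-registered client; the secret is resolved from a property placeholder (assumed). -->
<bean id="clientConfig" class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService">
  <property name="clients">
    <map>
      <entry key="https://idp.example.org/">
        <bean class="org.mitre.oauth2.model.RegisteredClient">
          <property name="clientId" value="example-client" />
          <property name="clientSecret" value="${oidc.client.secret}" />
          <property name="scope">
            <set><value>openid</value><value>profile</value></set>
          </property>
          <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
        </bean>
      </entry>
    </map>
  </property>
</bean>
<bean id="urlBuilder" class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" />
```

The map keys in both static services must match the issuer string exactly, including the trailing slash, because the filter looks up server and client configuration by issuer.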
Software is available under the Apache 2.0 license. Documentation available under the Creative Commons 3.0 By-NC license.