
Welcome to the simple-web-app wiki!


To use signed request objects, replace the existing OpenIdConnectAuthenticationFilter bean declaration with the following beans:

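<!--
    Client-side OpenID Connect filter configured to send signed request objects.
    The authorization request is signed with "defaultsignerService", and the
    matching public key set is published by "clientKeyPublisher" so the server
    can fetch it (the publish URI must be registered with the server; see the
    notes below the listing).
-->
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <!-- Static description of the single identity provider, keyed by its issuer URL. -->
    <property name="serverConfigurationService">
        <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService">
            <property name="servers">
                <map>
                    <entry key="${idp.url}">
                        <bean class="org.mitre.openid.connect.config.ServerConfiguration">
                            <property name="issuer" value="${idp.url}" />
                            <!-- Endpoint URIs are formed by plain concatenation onto ${idp.url},
                                 so that property must end with a trailing slash. -->
                            <property name="authorizationEndpointUri" value="${idp.url}authorize" />
                            <property name="tokenEndpointUri" value="${idp.url}token" />
                            <property name="userInfoUri" value="${idp.url}userinfo" />
                            <property name="jwksUri" value="${idp.url}jwk" />
                        </bean>
                    </entry>
                </map>
            </property>
        </bean>
    </property>
    <!-- Static client registration for that same issuer. -->
    <property name="clientConfigurationService">
        <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService">
            <property name="clients">
                <map>
                    <entry key="${idp.url}">
                        <bean class="org.mitre.oauth2.model.ClientDetailsEntity">
                            <!-- Example values: replace with the client id and secret issued by the server. -->
                            <property name="clientId" value="client" />
                            <property name="clientSecret" value="secret" />
                            <!-- Scopes requested from the provider. -->
                            <property name="scope">
                                <set value-type="java.lang.String">
                                    <value>openid</value>
                                    <value>email</value>
                                    <value>address</value>
                                    <value>profile</value>
                                    <value>phone</value>
                                </set>
                            </property>
                        </bean>
                    </entry>
                </map>
            </property>
        </bean>
    </property>
    <!-- Every login goes to the one issuer configured above. -->
    <property name="issuerService">
        <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService">
            <property name="issuer" value="${idp.url}" />
        </bean>
    </property>
    <!-- Builds the authorization request as a request object signed by defaultsignerService. -->
    <property name="authRequestUrlBuilder">
        <bean class="org.mitre.openid.connect.client.service.impl.SignedAuthRequestUrlBuilder">
            <property name="signingAndValidationService" ref="defaultsignerService" />
        </bean>
    </property>
</bean>

<!-- Not referenced by the beans in this listing; presumably wired elsewhere in the application context. -->
<bean id="validatorCache" class="org.mitre.jwt.signer.service.impl.JWKSetSigningAndValidationServiceCacheService" />

<!--
    Signing service backed by the client's own JWK set. keystore.jwks contains the
    private key material (the "d" member of each RSA key), so keep it out of any
    published artifact or shared repository.
-->
<bean id="defaultsignerService" class="org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
    <constructor-arg name="keyStore">
        <bean id="defaultKeyStore" class="org.mitre.jose.keystore.JWKSetKeyStore">
            <property name="location" value="classpath:keystore.jwks" />
        </bean>
    </constructor-arg>
    <!-- Must match the "kid" of a key present in keystore.jwks. -->
    <property name="defaultSignerKeyId" value="rsa1" />
    <property name="defaultSigningAlgorithmName" value="RS256" />
</bean>

<!--
    Publishes the client's key set at the relative path "jwk". This URI has to be
    registered with the server (Manage Clients, Edit, Credentials tab, JWK Set).
-->
<bean id="clientKeyPublisher" class="org.mitre.openid.connect.client.keypublisher.ClientKeyPublisher">
    <property name="jwkPublishUrl" value="jwk" />
    <property name="signingAndValidationService" ref="defaultsignerService" />
</bean>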
  • You will also need to add a file named "keystore.jwks" (the JWK set referenced by the 'defaultKeyStore' bean above) to src/main/resources. This file has the following format:
{
	"keys":
		[
			{
			  "d": "E7HJVBjdfIkTXz...",
			  "e": "AQAB",
			  "n": "6-t1lVKpi_tRA...",
			  "kty": "RSA",
			  "kid": "rsa1"
			}
		]
}

At least one key must be stored in this file, with a "kid" value matching the defaultSignerKeyId set on the 'DefaultJwtSigningAndValidationService' bean above ("rsa1" in this example). The json-web-key-generator application may be used to generate such a key.

  • You will also need to register your JWK set URI with the server. In the config above, this URI is set by the 'ClientKeyPublisher' bean's 'jwkPublishUrl' property (the relative path "jwk"). On the server, this option is currently found under "Manage Clients" > "Edit" > "Credentials" tab > "JWK Set".