1 / 3

Using OpenID Connect to authenticate a person in Java

The http://openid.net/connect Protocol offers Java developers a way to authenticate a person at any Internet domain that supports the standard. To accomplish this, the domain must provide a way to register clients--the website and mobile applications that use the authentication API offered by the domain.

gluu
Download Presentation

Using OpenID Connect to authenticate a person in Java

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Using OpenID Connect to authenticate a person in Java The http://openid.net/connect Protocol offers Java developers a way to authenticate a person at any Internet domain that supports the standard. To accomplish this, the domain must provide a way to register clients--the website and mobile applications that use the authentication API offered by the domain. Discovery Discovery is the first step! Luckily, it’s super-easy! All you have to do is make a get request to https://{domain}/.well-known/openid-configuration

  2. This will return a JSON object, as described in the specification. For example, you can see Gluu'sOpenID Connect discovery url. This will tell you everything you need to know about this OpenID Connect provider, like what are the endpoints (URLs), what crypto is supported, and what user claims can you ask for. An example of a Discovery Request, using the oxAuth RP library. Client Registration In SAML, the website was called a "Service Provider." In OpenID Connect, the website (or mobile application) is called a "Client." Clients can be registered manually by the OP, but more frequently, clients use the Dynamic Registration API to automate the process. • Obtaining the id_token • After your client is registered, it is time to get down to business. OpenID Connect offers two common workflows for authentication: basic (where the person is using a browser, and can be re-directed) and implicit where the client sends the credentials, including the secret. There is a userful implements guide for basic and implicit

  3. Logout OpenID Connect defines a mechanism for Session Management. The idea is that javascript in a web tab can detect that another tab has logged out. One detection of a logout event, the Web application can cleanup sessions in any backend systems as necessary. Its not 100% effective. If the tab is closed when the logout occurs in another tab, the event may not be detected, and the backend systems are advised to timeout sessions. Article Source - http://gluu.soup.io/post/488920294/Using-OpenID-Connect-to-authenticate-a-person

More Related