Difference between revisions of "OIDC RP"
(Created page with "==About== This page is a brief introduction to deploying an Open ID Connect RP with mod_auth_openidc. There are many, many ways to do this as there are numerous libraries tha...") |
(→NIEF Testbed Sample) |
Line 11: | Line 11: | ||
OIDCProviderMetadataURL https://openid.nief.org/oidc/.well-known/openid-configuration | OIDCProviderMetadataURL https://openid.nief.org/oidc/.well-known/openid-configuration | ||
− | OIDCScope "profile openid email nief" | + | OIDCScope "profile openid email {{highlight|nief}}" |
OIDCClientID [Generated by OIDC Provider] | OIDCClientID [Generated by OIDC Provider] | ||
OIDCClientSecret [Generated by OIDC Provider] | OIDCClientSecret [Generated by OIDC Provider] | ||
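Review bot: In the new OIDCScope line, {{highlight|nief}} places wiki template markup inside the quoted scope string, so the value a reader copies depends on that template existing and rendering to the bare word nief. Keep the directive as plain "profile openid email nief" and call out the nief scope in the sentence that introduces the sample instead.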
Line 19: | Line 19: | ||
AuthType openid-connect | AuthType openid-connect | ||
Require claim "sub~\w" | Require claim "sub~\w" | ||
− | + | </Location> |
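Review bot: The added </Location> closes the block correctly, but the context line just above it, Require claim "sub~\w", is satisfied by any sub value that contains a word character, so the block authorizes every user the provider authenticates. A one-line comment in the sample saying that this rule only enforces authentication, and that a deployment should require a more specific claim, would keep readers from copying it as an access policy.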
Revision as of 14:28, 19 June 2018
About
This page is a brief introduction to deploying an OpenID Connect RP with mod_auth_openidc. There are many, many ways to do this, as there are numerous libraries that support it. Additionally, there are OIDC Client RPs that run on a mobile device or in a browser that would function a bit differently (as they wouldn't have a credential issued by the OIDC Provider).
Deploying
For the NIEF Testbed, mod_auth_openidc offered the best option for deploying an OIDC RP, as it operates as an Apache httpd module (with an integration method somewhat similar to that of the Shibboleth SP). This httpd module was developed by Ping Identity and is available for free here: https://github.com/zmartzone/mod_auth_openidc.
The GitHub repository includes numerous sample configurations that can provide guidance on how to configure it for your environment and needs.
NIEF Testbed Sample
A sample config from the NIEF Testbed is provided as well, since it includes a couple of minor things not found elsewhere (specifically, requesting the NIEF scope from an OIDC Provider):

# Provider discovery document and the scopes to request (nief is the NIEF scope)
OIDCProviderMetadataURL https://openid.nief.org/oidc/.well-known/openid-configuration
OIDCScope "profile openid email nief"
OIDCClientID [Generated by OIDC Provider]
OIDCClientSecret [Generated by OIDC Provider]
# The redirect URI sits under the protected /oidctest/ location below
OIDCRedirectURI https://testsp.nief.org/oidctest/claims_consumer
OIDCCryptoPassphrase [Any random string used locally for session management]
<Location /oidctest/>
    AuthType openid-connect
    # Admits any authenticated user whose sub claim contains a word character
    Require claim "sub~\w"
</Location>
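An added example (not part of the NIEF Testbed page or of mod_auth_openidc): a small Python check of the sample configuration above for three mistakes that are easy to make when adapting it, namely a dropped scope, placeholders left in place, and a redirect URI outside the protected Location. The function names, the finding messages and the choice of checks are assumptions of this example; the redirect URI rule follows mod_auth_openidc's documented requirement that OIDCRedirectURI be a path protected by the module.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the page's directives, placeholders left as published.
SAMPLE = r'''
OIDCProviderMetadataURL https://openid.nief.org/oidc/.well-known/openid-configuration
OIDCScope "profile openid email nief"
OIDCClientID [Generated by OIDC Provider]
OIDCClientSecret [Generated by OIDC Provider]
OIDCRedirectURI https://testsp.nief.org/oidctest/claims_consumer
OIDCCryptoPassphrase [Any random string used locally for session management]
<Location /oidctest/>
  AuthType openid-connect
  Require claim "sub~\w"
</Location>
'''

def parse(conf):
    """Split directives into server-level ones and per-<Location> ones."""
    top, locations, current = {}, {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.fullmatch(r"<Location\s+(\S+)>", line)
        if opened:
            current = locations.setdefault(opened.group(1), {})
        elif line == "</Location>":
            current = None
        elif line and not line.startswith("#"):
            name, _, value = line.partition(" ")
            (top if current is None else current)[name] = value.strip().strip('"')
    return top, locations

def lint(conf, required_scopes=("openid", "nief")):
    """Return a list of findings; an empty list means all checks passed."""
    top, locations = parse(conf)
    scopes = top.get("OIDCScope", "").split()
    findings = [f"OIDCScope is missing '{s}'" for s in required_scopes if s not in scopes]
    for name in ("OIDCClientID", "OIDCClientSecret", "OIDCCryptoPassphrase"):
        if (top.get(name) or "[").startswith("["):
            findings.append(f"{name} is unset or still a placeholder")
    # The redirect URI must fall under a Location that the module protects.
    protected = [p for p, d in locations.items()
                 if d.get("AuthType", "").lower() == "openid-connect"]
    path = urlparse(top.get("OIDCRedirectURI", "")).path
    if not any(path.startswith(p) for p in protected):
        findings.append("OIDCRedirectURI is not under a protected <Location>")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the sample as published, it reports only the three bracketed placeholders, which is the expected state before the provider has issued credentials.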