13

I finished studying OpenID to understand its main features. The next step is an OpenID Provider program for my clients. My goal is to develop with SpringBoot (without using Spring Security).

I noticed that I have OpenID Connect, MITREid as options. But none presents a tutorial on how to create a customer and supplier of one.

On another topic, found links from IBM, however, are all out of thin air.

It would be of great importance a simple tutorial as a kick start for the OpenID Provider development for my application.

elioth mr
  • 139
  • 1
  • 1
  • 3

3 Answers3

6

I appreciate that this is a year after the OP's question, but I found some more information whilst doing my own research into the same subject.

There is a Spring Boot port of MitreId available here which I found very useful as a working example.

I also want to mention that the Mitre is available as a Maven Dependency

I hope this helps the next person visiting this page !

sdoxsee
  • 4,451
  • 1
  • 25
  • 60
MarkA
  • 1,132
  • 1
  • 11
  • 21
  • Thanks for this. Any chance you could give a brief explanation of how to use the example? I have it in Eclipse but don't know how to run it. TIA! – schoon Dec 18 '18 at 12:10
5

Update 2022

Spring Authorization Server is a supported Spring Security project that should go GA in November 2022

Original

It rarely makes sense for someone to roll-their-own OpenID Connect Provider. It's not trivial. MitreID Connect even uses Spring Security for part of their code. If you want to use MitreID Connect but as "spring-boot", you can look at some ports of mitreid connect to spring-boot and java config...but I'm not certain they are maintained.

By the way, what do you mean by

none presents a tutorial on how to create a customer and supplier of one.

Do you mean how to use mitreid connect?

Anyway, unless you really know what you're doing, I'd recommend working with an existing OpenID Connect Provider. See: http://openid.net/developers/certified/

sdoxsee
  • 4,451
  • 1
  • 25
  • 60
2

Meanwhile there is a Spring communtity-driven project: Spring Authorization Server it was announced in April 2020 on Spring Blog.

<dependency>
    <groupId>org.springframework.security.experimental</groupId>
    <artifactId>spring-security-oauth2-authorization-server</artifactId>
    <version>0.1.1</version>
</dependency>

Its current version is 0.1.1 available since May 2021. (Version 0.1.0 is available since February 2021)

Tuturial: Baeldung Spring Security OAuth Authorization Server

Ralph
  • 118,862
  • 56
  • 287
  • 383