Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
idp-oidc-extension-distribution Initial commit of Token Introspection endpoint May 16, 2019
idp-oidc-extension-impl Changed token expiration from 1s to 30s. Nov 26, 2019
.travis.yml Switched into openjdk8 Oct 7, 2019
NOTICE Relicensed to Apache2. Nov 25, 2019
Vagrantfile Added more memory to VM Jul 25, 2018
pom.xml prepare project version for minor version 1.1.0 development May 16, 2019
requirements.yml to use idp 3.4 release instead of snapshot Oct 22, 2018


Build Status

The goal of the project is to provide a OpenID Connect OP extension to Shibboleth IdP V3. The work is done as part of task T3.1A OpenID Connect Federation in GN4-2 JRA3 project.

The Shibboleth IdP 3.4 installed by this project is extended to act as a OpenID Connect provider.



The maven project needs to be built first. The ansible scipts will then perform first installation of Shibboleth Idp V3, after which the extensions are installed.

git clone
cd shibboleth-idp-oidc-extension/
mvn package
vagrant up

Playing around


You need to be root to access all the necessary files.

vagrant ssh
sudo su -

View logs

By following log entries it should be possible to get an idea of the execution.

tail -f /opt/shibboleth-idp/logs/idp-process.log

Self Test Page

Fastest way to test installation is to use preconfigured mod_auth_openidc client for authentication sequence that may be triggered on self test page

By modifying both the authentication request - /etc/httpd/conf.d/auth_openidc.conf - and the Shib OIDC OP extension configuration as described in Wiki you should be able to try different response types and claim sets just to name few.

LDAP User to authenticate with

The LDAP user is Ted Tester, in Finnish:



See Wiki

You can’t perform that action at this time.