Type Name Latest commit message Commit time
conf
idp-oidc-extension-api
idp-oidc-extension-distribution Initial commit of Token Introspection endpoint May 16, 2019
idp-oidc-extension-impl Changed token expiration from 1s to 30s. Nov 26, 2019
roles
.travis.yml Switched into openjdk8 Oct 7, 2019
LICENSE.txt
NOTICE Relicensed to Apache2. Nov 25, 2019
README.md
Vagrantfile Added more memory to VM Jul 25, 2018
oidcshibop.yml
pom.xml prepare project version for minor version 1.1.0 development May 16, 2019
requirements.yml to use idp 3.4 release instead of snapshot Oct 22, 2018


shibboleth-idp-oidc-extension


The goal of the project is to provide an OpenID Connect OP extension to Shibboleth IdP V3. The work is done as part of task T3.1A OpenID Connect Federation in the GN4-2 JRA3 project.

The Shibboleth IdP 3.4 installed by this project is extended to act as an OpenID Connect provider.

Prerequisites

Deployment

The Maven project needs to be built first. The Ansible scripts will then perform the initial installation of Shibboleth IdP V3, after which the extensions are installed.

git clone https://github.com/CSCfi/shibboleth-idp-oidc-extension
cd shibboleth-idp-oidc-extension/
mvn package
vagrant up

Playing around

Login

You need to be root to access all the necessary files.

vagrant ssh
sudo su -

View logs

Following the log entries should give an idea of the execution flow.

tail -f /opt/shibboleth-idp/logs/idp-process.log

Self Test Page

The fastest way to test the installation is to use the preconfigured mod_auth_openidc client. The authentication sequence can be triggered from the self test page at https://192.168.0.150

By modifying both the authentication request - /etc/httpd/conf.d/auth_openidc.conf - and the Shib OIDC OP extension configuration as described in the Wiki, you should be able to try different response types and claim sets, to name a few.
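
The client-side half of that experiment, as an added example that is not part of the project's own files: the directive names are real mod_auth_openidc directives, while the values are constructed for illustration. It assumes the provider metadata, client credentials and redirect URI already present in /etc/httpd/conf.d/auth_openidc.conf stay untouched, and that the OP is configured (per the Wiki) to allow the chosen response type and release the requested claims for this client.

```apache
# /etc/httpd/conf.d/auth_openidc.conf (fragment, constructed example)
# Only the directives that shape the authentication request are shown.
# Keep exactly one OIDCResponseType line active at a time.

# Authorization code flow: tokens are fetched over the back channel,
# so nothing but the code passes through the browser.
OIDCResponseType "code"

# Implicit flow: the ID token (and access token) come back in the
# front channel. Useful for seeing how the OP behaves, but the tokens
# are exposed to the user agent.
#OIDCResponseType "id_token token"

# Hybrid flow: ID token in the front channel plus a code for the
# back channel.
#OIDCResponseType "code id_token"

# Claim sets requested through scopes. "openid" is mandatory; the
# others select the standard profile and email claim sets.
OIDCScope "openid profile email"

# Individual claims requested through the "claims" request parameter.
# The value must be URL-query-encoded; decoded it reads
#   {"id_token":{"email":{"essential":true}}}
# Assumption: whether the OP honours it depends on its configuration.
#OIDCAuthRequestParams "claims=%7B%22id_token%22%3A%7B%22email%22%3A%7B%22essential%22%3Atrue%7D%7D%7D"

# After editing, check the syntax and reload before retrying the
# self test page, then follow idp-process.log to see how the OP
# handled the request:
#   apachectl configtest && systemctl restart httpd
```

A response type that the OP does not allow for the client should be rejected by the OP, which makes the rejection in idp-process.log a quick check that the OP-side restriction is enforced.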

LDAP User to authenticate with

The LDAP user is Ted Tester, in Finnish:

user:teppo
password:testaaja

Configuration

See Wiki
