lvillaca/springboot_oidc_client

This is an example of a Spring Boot OIDC (OpenID Connect) client, built with Gradle and currently used for Keycloak clients.

It also simplifies building a Docker container image and can start a running container from it.

This example was created based on the OAuth2 configuration for Spring Boot described at https://docs.spring.io/spring-security-oauth2-boot/docs/2.0.0.RC2/reference/htmlsingle/

The following are usage instructions:

1 - If you already hold a certificate, build a JKS from it; otherwise:

  • Run keytool_cert_create.sh to create the self-signed jks and X509 certificate
  • Keep the alias and password handy

2 - Create an OpenID Connect client entry under any IDP realm and map it to the app DNS

  • For this example, secrets can be used (other options with certificate are available)
  • Make sure Valid Redirect URLs are set, along with Logout Service Binding URLs

3 - Update src/main/resources/application.yml

  • Under ssl, set the keystore attributes based on step 1
  • Under key-manager, set the classpath, store-pass and alias based on the keystore above
  • Set metadata URL, entity id and secret based on the realm and client id from step 2

4 - Add certificates information

  • Copy into src/main/resources/certs/ : the jks from step 1, and the keycloak truststore jks

  • The IDP certificate can be obtained via the following command line (it prints the whole chain; the first block is the certificate presented by the IDP):

    • openssl s_client -connect idp_host_name:idp_port -showcerts
    • Crop the content between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (including those lines)
    • And paste it into a new file (idp.crt)
  • Then create the truststore JKS:

    • keytool -storetype JKS -import -trustcacerts -file idp.crt -alias server -keystore idptruststore.jks -storepass truststorepass
  • And check that the IDP settings (host, port and the imported alias) match the application configuration

5 - Update Dockerfile with keycloak client jks configuration

  • Set the build process to include it in the new container image
  • Set the Java Options attributes related to the truststore settings:
    • Path and jks name
    • Certificate type
    • Jks password
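The following shell helpers are an added example for steps 4 and 5; they are not part of this repository. They crop the first certificate out of `openssl s_client -showcerts` output, import it into the truststore, and compose the JVM truststore properties that the Dockerfile's Java options need. The host name, truststore path and password are placeholders, and the `s_client` output at the bottom is constructed so the cropping can be checked offline; `build_truststore` needs a real IDP, `openssl` and `keytool`.

```shell
#!/bin/sh
# Added example (not the repository's own code). Placeholders: idp.example.test,
# /app/certs/idptruststore.jks, truststorepass.

# Keep only the first certificate block from `openssl s_client -showcerts` output.
# s_client prints the whole chain; the first block is the leaf presented by the IDP.
extract_first_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { inblock = 1 }
       inblock { print }
       /-----END CERTIFICATE-----/ { if (inblock) exit }'
}

# Count BEGIN markers so a caller can confirm exactly one certificate was kept.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----'
}

# Fetch the IDP certificate and import it into a JKS truststore (needs openssl and keytool).
# `</dev/null` closes the TLS session as soon as the handshake output has been printed.
build_truststore() {
  host="$1"; port="$2"; out_jks="$3"; store_pass="$4"
  openssl s_client -connect "$host:$port" -servername "$host" -showcerts </dev/null 2>/dev/null \
    | extract_first_cert > idp.crt
  [ "$(count_certs < idp.crt)" -eq 1 ] || { echo "no certificate extracted" >&2; return 1; }
  keytool -storetype JKS -import -noprompt -trustcacerts -file idp.crt \
    -alias server -keystore "$out_jks" -storepass "$store_pass"
}

# Compose the Java options step 5 asks for: truststore path, type and password.
truststore_java_opts() {
  printf -- '-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStoreType=%s -Djavax.net.ssl.trustStorePassword=%s' \
    "$1" "$2" "$3"
}

# Constructed sample of s_client output (two chain entries, fake base64 bodies) for an offline check.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
depth=1 CN = Example Root
Certificate chain
 0 s:CN = idp.example.test
   i:CN = Example Root
-----BEGIN CERTIFICATE-----
MIIBleafCONSTRUCTEDBASE64DATA
-----END CERTIFICATE-----
 1 s:CN = Example Root
   i:CN = Example Root
-----BEGIN CERTIFICATE-----
MIIBrootCONSTRUCTEDBASE64DATA
-----END CERTIFICATE-----
---
Server certificate'

# Offline demonstration: crop the leaf, confirm exactly one block, show the Java options.
leaf=$(printf '%s\n' "$SAMPLE_S_CLIENT_OUTPUT" | extract_first_cert)
printf '%s\n' "$leaf"
printf '%s\n' "$leaf" | count_certs
truststore_java_opts /app/certs/idptruststore.jks JKS truststorepass
echo
# Against a real IDP: build_truststore idp.example.test 8443 idptruststore.jks truststorepass
```

The count check matters because a chain with a cropping mistake (two blocks, or a block without its END line) imports silently with `keytool` and fails later with an unhelpful handshake error; verifying the single block before import keeps the failure local.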

6 - Run reload.sh script to trigger build and initiate a container

7 - In IDP, add attributes related to the user

  • User attributes should be mapped (see Mapper, under REALM/client configuration)
    • Add email and fullname (or any other attribute, and update index.html accordingly)
