[mitreid-connect] Feedback on Google OpenID Connect Integration
P Saraswat
saraswat40 at yahoo.com
Mon Mar 9 21:12:37 EDT 2015
Hi Guys,
Today I spent a few hours looking at the Google OpenID integration that you guys have implemented. Overall you guys have done a great job.
There are just a few things that I ran into that I wanted to let you guys know about. Hopefully this will help someone.
1. The OpenID-Connect-Java-Spring-Server (openid-connect-parent) project (master) builds fine and must be built on the local machine before starting with the simple-web-app project.
2. As per https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Sample-Static-Configuration-for-using-Google-Authentication, the simple-web-app project works with the development branch only (as of 03/09/2015). This requires several changes.
a). The master project has moved to spring-security-3.2.5 while the simple-web-app is still on spring-security 3.1.4.
b). In step 4, you also need clientSecret. Else you get an "HTTP Status 401 - Authentication Failed: Unable to obtain Access Token: 400 Bad Request" error.
c). In step 4, the https://my-redirect-uri-setup-in-google/ must be of the form http://localhost:8080/simple-web-app/openid_connect_login
d). In servlet-context.xml, DefaultJWTSigningAndValidationService is spelled as DefaultJwtSigningAndValidationService, which results in a ClassNotFoundException on startup.
3. The final issue I ran into is that after authentication is complete I get a "request for "https://www.googleapis.com/plus/v1/people/me/openIdConnect" resulted in 403" error. The issue and the solution are described in detail here: http://stackoverflow.com/questions/19335503/keep-getting-a-daily-limit-for-unauthenticated-use-exceeded-continued-use-requ
This is not an issue with your implementation but does prevent people from running the example successfully :)
Hope this helps.
Thanks
Prashant
--- a/pom.xml+++ b/pom.xml@@ -11,8 +11,8 @@ <org.springframework-version>3.2.3.RELEASE</org.springframework-version> <org.aspectj-version>1.6.9</org.aspectj-version> <org.slf4j-version>1.5.10</org.slf4j-version>- <spring.security.version>3.1.4.RELEASE</spring.security.version>- <mitreid-connect-version>1.1.12</mitreid-connect-version>+ <spring.security.version>3.2.5.RELEASE</spring.security.version>+ <mitreid-connect-version>1.2.0-SNAPSHOT</mitreid-connect-version> </properties>
diff --git a/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xmlindex 4b2713c..7fd239d 100644--- a/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml+++ b/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml@@ -7,7 +7,7 @@ xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
<!--@@ -430,7 +487,7 @@ This service sets up a bunch of signers and validators based on our own keys. Replace this keystore's contents for a production deployment. -->- <bean id="defaultSignerService" class="org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">+ <bean id="defaultSignerService" class="org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService"> <constructor-arg name="keyStore"> <bean id="defaultKeyStore" class="org.mitre.jose.keystore.JWKSetKeyStore"> <property name="location" value="classpath:keystore.jwks" />@@ -449,3 +506,4 @@ </bean> </beans>+ \ No newline at end of filediff --git a/src/main/webapp/WEB-INF/spring/root-context.xml b/src/main/webapp/WEB-INF/spring/root-context.xmlindex d5fd2c5..e3c96f4 100644--- a/src/main/webapp/WEB-INF/spring/root-context.xml+++ b/src/main/webapp/WEB-INF/spring/root-context.xml@@ -8,7 +8,7 @@ xmlns:oauth="http://www.springframework.org/schema/security/oauth2" xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd+ http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
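Review bot: In pom.xml, `<mitreid-connect-version>1.2.0-SNAPSHOT</mitreid-connect-version>` ties the sample to a snapshot, so the build resolves whatever snapshot artifact happens to be in the local or remote repository at build time and is not reproducible. The README should state that openid-connect-parent has to be built and installed locally first, and the property should move to a released version as soon as one carries the Spring Security 3.2 change. The same hunk leaves `org.springframework-version` at 3.2.3.RELEASE while raising `spring.security.version` to 3.2.5.RELEASE; it is worth checking the resolved dependency tree to confirm the two pull in a consistent set of Spring jars.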
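Review bot: In the `schemaLocation` hunk of servlet-context.xml, only the security schema is moved to `spring-security-3.2.xsd`, while the context lines still pin `spring-mvc-3.0.xsd`, `spring-beans-3.0.xsd`, `spring-util-3.0.xsd` and `spring-tx-3.1.xsd`, and the OAuth2 schema is referenced unversioned here but as `spring-security-oauth2-2.0.xsd` in root-context.xml. The mismatch that caused this patch will recur on the next upgrade; align the two files, and consider version-less schema locations so the XSD follows the jar on the classpath instead of being edited by hand.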
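Review bot: The servlet-context.xml hunk headed `@@ -430,7 +487,7 @@` is offset by 57 lines from the original, but the only earlier hunk for that file (`@@ -7,7 +7,7 @@`) adds no lines, so the posted patch is missing the hunks that insert those lines and will not apply as shown. Please repost the complete diff for that file. The class-name fix itself matches the ClassNotFoundException described in the message; the final hunk (`@@ -449,3 +506,4 @@`) adds a whitespace-only line and leaves the file without a trailing newline, which should be dropped. Since the context comment says "Replace this keystore's contents for a production deployment", the sample keys in `classpath:keystore.jwks` should stay out of anything deployed beyond a local test.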