[mitreid-connect] Feedback on Google OpenID Connect Integration

Justin Richer jricher at mit.edu
Mon Mar 9 21:24:44 EDT 2015


Thanks for the writeup. Most of the things you’ve found are issues with running SimpleWebApp against the 1.2 branch, which it’s not set up to do. We try to keep the main branch of the SimpleWebApp demo application pointing to the production release, which is currently 1.1. Since you’re not the first to ask about it, though, it might be time to add a 1.2 branch to SimpleWebApp as well.

 — Justin

> On Mar 9, 2015, at 9:12 PM, P Saraswat <saraswat40 at yahoo.com> wrote:
> 
> Hi Guys,
> 
> Today I spent a few hours looking at Google OpenID integration that you guys have implemented. Overall, you guys have done a great job.
> 
> There are just a few things that I ran into that I wanted to let you guys know. Hopefully this will help someone.
> 
> 1. The OpenID-Connect-Java-Spring-Server (openid-connect-parent) project (master) builds fine and must be built on the local machine before starting with the simple-web-app project.
> 
> 2. As per https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Sample-Static-Configuration-for-using-Google-Authentication, the simple-web-app project works with the development branch only (as of 03/09/2015). This requires several changes.
> 
> 	a). The master project has moved to spring-security-3.2.5 while the simple-web-app is still on spring-security 3.1.4
> 	b). In step 4, you also need clientSecret. Otherwise you get a "HTTP Status 401 - Authentication Failed: Unable to obtain Access Token: 400 Bad Request" error.
> 	c). In step 4, the https://my-redirect-uri-setup-in-google/ must be of the form http://localhost:8080/simple-web-app/openid_connect_login
> 	d). In servlet-context.xml, DefaultJWTSigningAndValidationService is spelled as DefaultJwtSigningAndValidationService, which results in a ClassNotFoundException on startup.
> 
> 3. The final issue I ran into is that after authentication is complete I get a "request for "https://www.googleapis.com/plus/v1/people/me/openIdConnect" resulted in 403" error. The issue and the solution are described in detail here:
> http://stackoverflow.com/questions/19335503/keep-getting-a-daily-limit-for-unauthenticated-use-exceeded-continued-use-requ
> 
> This is not an issue with your implementation but does prevent people from running the example successfully :)
> 
> Hope this helps.
> 
> Thanks
> Prashant
> 
> 
> 
> --- a/pom.xml
> +++ b/pom.xml
> @@ -11,8 +11,8 @@
>                 <org.springframework-version>3.2.3.RELEASE</org.springframework-version>
>                 <org.aspectj-version>1.6.9</org.aspectj-version>
>                 <org.slf4j-version>1.5.10</org.slf4j-version>
> -               <spring.security.version>3.1.4.RELEASE</spring.security.version>
> -               <mitreid-connect-version>1.1.12</mitreid-connect-version>
> +               <spring.security.version>3.2.5.RELEASE</spring.security.version>
> +               <mitreid-connect-version>1.2.0-SNAPSHOT</mitreid-connect-version>
>         </properties>
> 
> 
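Review bot: the `<mitreid-connect-version>1.2.0-SNAPSHOT</mitreid-connect-version>` line pins the demo to an unreleased, moving artifact, which is why step 1 in the message (build openid-connect-parent locally first) becomes mandatory and why a fresh clone will no longer build from a released dependency alone; if this is meant for the main SimpleWebApp branch, keep a released version here, or land it on a separate 1.2 branch as the reply suggests, and state in the commit message that the snapshot has to be installed locally. The `spring.security.version` bump to `3.2.5.RELEASE` puts both Spring properties on the 3.2 line and matches item 2(a), so that part is fine as is.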
> diff --git a/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
> index 4b2713c..7fd239d 100644
> --- a/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
> +++ b/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
> @@ -7,7 +7,7 @@
>         xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
>         xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
>                 http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
> -               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
> +               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
>                 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
>                 http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
>                 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
> 
> 
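Review bot: only the security schema moves to `spring-security-3.2.xsd`; the neighbouring `schemaLocation` entries in the same block stay at `spring-mvc-3.0.xsd`, `spring-beans-3.0.xsd`, `spring-util-3.0.xsd` and `spring-tx-3.1.xsd` even though pom.xml now builds against Spring 3.2.x, and the oauth2 entry here is the unversioned `spring-security-oauth2.xsd` while root-context.xml pins `spring-security-oauth2-2.0.xsd`. Either bump the rest to the 3.2 schemas in the same change or say that the mismatch is deliberate, so the two context files stop drifting apart.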
>         <!--
> @@ -430,7 +487,7 @@
>                 This service sets up a bunch of signers and validators based on our own keys.
>                 Replace this keystore's contents for a production deployment.
>          -->
> -       <bean id="defaultSignerService" class="org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
> +       <bean id="defaultSignerService" class="org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService">
>                 <constructor-arg name="keyStore">
>                         <bean id="defaultKeyStore" class="org.mitre.jose.keystore.JWKSetKeyStore">
>                                 <property name="location" value="classpath:keystore.jwks" />
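Review bot: the class-name change to `org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService` is the fix for the ClassNotFoundException in item 2(d), but it only resolves against the 1.2 line, so this hunk and the pom.xml version bump have to ship together and the commit message should say so. Note also the hunk header `@@ -430,7 +487,7 @@`: the new-file side sits 57 lines below the old side while the `@@ -7,7 +7,7 @@` hunk was balanced, so roughly 57 added lines of servlet-context.xml are missing from the posted diff; please send the complete patch. The comment kept as context, "Replace this keystore's contents for a production deployment", applies to `classpath:keystore.jwks` just below it: that is the demo signing key, and any deployment outside the demo needs its own keystore.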
> @@ -449,3 +506,4 @@
>         </bean>
> 
>  </beans>
> +
> \ No newline at end of file
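Review bot: this hunk is whitespace only (a blank line appended after `</beans>`, with the file still ending without a newline per the marker); it changes nothing functional and only adds noise to blame and to future diffs. Drop it, or if the intent was to fix the missing trailing newline, add the newline rather than an extra blank line.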
> diff --git a/src/main/webapp/WEB-INF/spring/root-context.xml b/src/main/webapp/WEB-INF/spring/root-context.xml
> index d5fd2c5..e3c96f4 100644
> --- a/src/main/webapp/WEB-INF/spring/root-context.xml
> +++ b/src/main/webapp/WEB-INF/spring/root-context.xml
> @@ -8,7 +8,7 @@
>         xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
>         xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
>                 http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
> -               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
> +               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
>                 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
>                 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
>                 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
> 
> 
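Review bot: fine as is; the remaining entries in this `schemaLocation` block are already on the 3.2 schemas (`spring-mvc-3.2.xsd`, `spring-beans-3.2.xsd`, `spring-tx-3.2.xsd`, `spring-context-3.2.xsd`), so after this line root-context.xml is internally consistent. The one inconsistency left is with servlet-context.xml, where the same bump leaves the neighbouring schemas at 3.0/3.1; align the two files in one change.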
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
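Items 2(b) and 2(c) above come down to two checks the provider's token endpoint makes when the relying party exchanges its authorization code: the client has to authenticate with its client secret, and the redirect_uri it sends has to match the registered one exactly. The following is an added Python example, not code from the mitreid-connect project or from the original post, that models both sides of that exchange so the two failure modes can be reproduced offline. Python is used because the point is the protocol check, not the Spring wiring. The client id, client secret, authorization code and token values are constructed placeholders; the registered redirect URI is the one item 2(c) gives; the mock models the checks generically and does not claim to reproduce Google's exact responses.

```python
import base64
import hmac
from urllib.parse import urlsplit

# Constructed registration record (placeholder values), standing in for what the
# provider's developer console stores for the relying party. The redirect URI is
# the one the thread says must be registered for simple-web-app.
REGISTERED_CLIENTS = {
    "client-id-example": {
        "client_secret": "client-secret-example",
        "redirect_uris": {"http://localhost:8080/simple-web-app/openid_connect_login"},
    }
}

# Constructed authorization codes: code -> (client_id, redirect_uri it was issued for).
# A real provider invalidates a code after its first use; this model keeps it
# reusable so each check below can be exercised independently.
ISSUED_CODES = {
    "code-example": ("client-id-example",
                     "http://localhost:8080/simple-web-app/openid_connect_login"),
}


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Model the RP side: form body plus client_secret_basic auth (RFC 6749 section 2.3.1).
    When no secret is configured, the RP can only put client_id in the body."""
    body = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is not None:
        creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    else:
        body["client_id"] = client_id
    return headers, body


def _normalize(uri):
    """Exact-match key: only scheme and host are case-insensitive; port, path,
    trailing slash and query must match byte for byte."""
    p = urlsplit(uri)
    return (p.scheme.lower(), p.netloc.lower(), p.path, p.query)


def mock_token_endpoint(headers, body):
    """Model the provider's checks on a token request. Returns (http_status, response)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        # Confidential client without credentials: rejected before the code is looked at.
        return 400, {"error": "invalid_client"}
    try:
        client_id, secret = base64.b64decode(auth[len("Basic "):]).decode().split(":", 1)
    except (ValueError, UnicodeDecodeError):
        return 400, {"error": "invalid_client"}
    reg = REGISTERED_CLIENTS.get(client_id)
    if reg is None or not hmac.compare_digest(secret, reg["client_secret"]):
        return 400, {"error": "invalid_client"}
    issued = ISSUED_CODES.get(body.get("code"))
    if issued is None or issued[0] != client_id:
        return 400, {"error": "invalid_grant"}
    # redirect_uri must equal the one the code was issued for, and that one must be registered.
    if _normalize(body.get("redirect_uri", "")) != _normalize(issued[1]):
        return 400, {"error": "invalid_grant"}
    if _normalize(issued[1]) not in {_normalize(u) for u in reg["redirect_uris"]}:
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": "access-token-example", "token_type": "Bearer",
                 "id_token": "id-token-example"}


def exchange(client_id, client_secret, code, redirect_uri):
    """What the RP sees: (status, error), with error None on success."""
    status, resp = mock_token_endpoint(
        *build_token_request(client_id, client_secret, code, redirect_uri))
    return status, resp.get("error")


if __name__ == "__main__":
    cid, secret, code = "client-id-example", "client-secret-example", "code-example"
    good = "http://localhost:8080/simple-web-app/openid_connect_login"
    print("with secret, exact URI:      ", exchange(cid, secret, code, good))
    print("secret missing (item 2b):    ", exchange(cid, None, code, good))
    print("placeholder URI (item 2c):   ",
          exchange(cid, secret, code, "https://my-redirect-uri-setup-in-google/"))
    print("trailing slash added:        ", exchange(cid, secret, code, good + "/"))
    print("host case differs (allowed): ",
          exchange(cid, secret, code, good.replace("localhost", "LOCALHOST")))
```

The RP in the thread reports the provider's 400 as its own 401 "Unable to obtain Access Token: 400 Bad Request", which is why a missing clientSecret and a mistyped redirect URI look alike from the browser; the provider's error body (`invalid_client` versus `invalid_grant`) is what tells them apart, so it is worth logging on the RP side.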
