<div dir="ltr">Thanks for the pointers. I&#39;m still trying to get it working but can I ask about the use-case that the Token Introspecting Client Filter is meant for? We&#39;re trying to implement sso as follows:<div><ol>
<li>User logs into portal (portal web app authenticates with Authorization Server)</li><li>User credentials determine the list of applications (all web apps) the user has access to</li><li>Clicking on an app automatically single-sign-ons the user (no confirmation)</li>
</ol><div>I thought that we could use Token Introspecting Client Filter in step 3?</div><div><br></div><div>Here&#39;s my spring config, but no luck in getting the filter to kick-in. I&#39;m new to all this so thanks for the patience.</div>
</div><div><br></div><div><div>    &lt;security:http pattern=&quot;/introspect&quot;</div><div>                   create-session=&quot;stateless&quot;</div><div>                   entry-point-ref=&quot;oauthAuthenticationEntryPoint&quot;</div>
<div>                   use-expressions=&quot;true&quot;&gt;</div><div>        &lt;security:intercept-url pattern=&quot;/introspect&quot; access=&quot;permitAll&quot; /&gt;<br></div><div>        &lt;security:custom-filter before=&quot;PRE_AUTH_FILTER&quot; ref=&quot;resourceServerFilter&quot; /&gt;<br>
</div><div>    &lt;/security:http&gt;<br></div></div><div><div>    &lt;oauth2:resource-server id=&quot;resourceServerFilter&quot; token-services-ref=&quot;introspectingService&quot; /&gt;</div><div>    &lt;bean id=&quot;introspectingService&quot; class=&quot;org.mitre.oauth2.introspectingfilter.IntrospectingTokenService&quot;&gt;</div>
<div>        &lt;property name=&quot;introspectionConfigurationService&quot; ref=&quot;defaultIntrospectionConfigurationService&quot;/&gt;</div><div>        &lt;property name=&quot;introspectionAuthorityGranter&quot; ref=&quot;defaultIntrospectionAuthorityGranter&quot;/&gt;</div>
<div>    &lt;/bean&gt;</div></div><div><div>    &lt;bean class=&quot;org.mitre.oauth2.introspectingfilter.service.impl.StaticIntrospectionConfigurationService&quot; id=&quot;defaultIntrospectionConfigurationService&quot;&gt;</div>
<div>        &lt;property name=&quot;introspectionUrl&quot; value=&quot;<a href="http://localhost:8080/openid-connect-server-webapp/introspect">http://localhost:8080/openid-connect-server-webapp/introspect</a>&quot; /&gt;</div>
<div>        &lt;property name=&quot;clientConfiguration&quot;&gt;</div><div>            &lt;bean class=&quot;org.mitre.oauth2.model.RegisteredClient&quot;&gt;</div><div>                &lt;property name=&quot;clientId&quot; value=&quot;client&quot;/&gt;</div>
<div>                &lt;property name=&quot;clientSecret&quot; value=&quot;secret&quot;/&gt;</div><div>            &lt;/bean&gt;</div><div>        &lt;/property&gt;</div><div>    &lt;/bean&gt;</div><div>    &lt;bean class=&quot;org.mitre.oauth2.introspectingfilter.service.impl.SimpleIntrospectionAuthorityGranter&quot; id=&quot;defaultIntrospectionAuthorityGranter&quot;/&gt;<br>
</div></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 27, 2014 at 6:36 PM, Justin Richer <span dir="ltr">&lt;<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">No, there isn’t one at this time, but that’s not a bad idea to have something like that in the future.<br>
<br>
In the absence of that, you just need to set up an OAuth 2 resource server from Spring Security OAuth. You can find examples within that project — the bean creates a filter that you then add to your “http” block. Then wire in the “token services” of that filter bean with a copy of the “IntrospectingTokenServices” class, configured to talk to your authorization server. This will effectively act as a stand-in for the usual database-backed token services. From that point, it’s pretty much just using Spring Security and Spring Security OAuth like normal.<br>

<br>
The documentation on the wiki page really should have the most comprehensive information:<br>
<br>
<a href="https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Token-Introspecting-Client-Config" target="_blank">https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Token-Introspecting-Client-Config</a><br>

<br>
 — Justin<br>
<div class=""><br>
On May 27, 2014, at 6:27 PM, Duc Nguyen &lt;<a href="mailto:nguyen.d.duc@gmail.com">nguyen.d.duc@gmail.com</a>&gt; wrote:<br>
<br>
&gt; Hello, is there an example (similar to simple-web-app) of how to use Token Introspection? I&#39;ve read the source &amp; documentation and been at this the last couple of days so any help would be greatly appreciated. Thanks, -Duc<br>

</div>&gt; _______________________________________________<br>
&gt; mitreid-connect mailing list<br>
&gt; <a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a><br>
&gt; <a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect" target="_blank">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a><br>
<br>
</blockquote></div><br></div>