[mitreid-connect] Feedback on Google OpenID Connect Integration

P Saraswat saraswat40 at yahoo.com
Mon Mar 9 21:12:37 EDT 2015


Hi Guys,

Today I spent a few hours looking at the Google OpenID integration that you guys have implemented. Overall you guys have done a great job.
There are just a few things that I ran into that I wanted to let you guys know. Hopefully this will help someone.
1. The OpenID-Connect-Java-Spring-Server ( openid-connect-parent ) project ( master ) builds fine and must be built on the local machine before starting with the simple-web-app project.
2. As per https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Sample-Static-Configuration-for-using-Google-Authentication, the simple-web-app project works with the development branch only (as of 03/09/2015). This requires several changes. 
 a). The master project has moved to spring-security-3.2.5 while the simple-web-app is still on spring-security 3.1.4
 b). In step 4, you also need clientSecret. Else you get a "HTTP Status 401 - Authentication Failed: Unable to obtain Access Token: 400 Bad Request" error.
 c). In step 4, the https://my-redirect-uri-setup-in-google/ must be of the form http://localhost:8080/simple-web-app/openid_connect_login
 d). in servlet-context.xml, DefaultJWTSigningAndValidationService is spelled as DefaultJwtSigningAndValidationService which results in a classnotfoundexception on startup
3. The final issue I ran into is that after authentication is complete I get a "request for "https://www.googleapis.com/plus/v1/people/me/openIdConnect" resulted in 403" error. The issue and the solution are described in detail here: http://stackoverflow.com/questions/19335503/keep-getting-a-daily-limit-for-unauthenticated-use-exceeded-continued-use-requ
This is not an issue with your implementation but does prevent people from running the example successfully :)
Hope this helps.
Thanks
Prashant


--- a/pom.xml+++ b/pom.xml@@ -11,8 +11,8 @@                <org.springframework-version>3.2.3.RELEASE</org.springframework-version>                <org.aspectj-version>1.6.9</org.aspectj-version>                <org.slf4j-version>1.5.10</org.slf4j-version>-               <spring.security.version>3.1.4.RELEASE</spring.security.version>-               <mitreid-connect-version>1.1.12</mitreid-connect-version>+               <spring.security.version>3.2.5.RELEASE</spring.security.version>+               <mitreid-connect-version>1.2.0-SNAPSHOT</mitreid-connect-version>        </properties> 
diff --git a/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xmlindex 4b2713c..7fd239d 100644--- a/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml+++ b/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml@@ -7,7 +7,7 @@        xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"        xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd                http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd-               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd+               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd                http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd                http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd                http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
                <!--@@ -430,7 +487,7 @@                This service sets up a bunch of signers and validators based on our own keys.                Replace this keystore's contents for a production deployment.         -->-       <bean id="defaultSignerService" class="org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">+       <bean id="defaultSignerService" class="org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService">                <constructor-arg name="keyStore">                        <bean id="defaultKeyStore" class="org.mitre.jose.keystore.JWKSetKeyStore">                                <property name="location" value="classpath:keystore.jwks" />@@ -449,3 +506,4 @@        </bean>                  </beans>+  \ No newline at end of filediff --git a/src/main/webapp/WEB-INF/spring/root-context.xml b/src/main/webapp/WEB-INF/spring/root-context.xmlindex d5fd2c5..e3c96f4 100644--- a/src/main/webapp/WEB-INF/spring/root-context.xml+++ b/src/main/webapp/WEB-INF/spring/root-context.xml@@ -8,7 +8,7 @@        xmlns:oauth="http://www.springframework.org/schema/security/oauth2"        xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd                http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd-               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd+               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd                http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd                http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd                http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context-3.2.xsd">
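Review bot: In the pom.xml hunk, `<mitreid-connect-version>1.2.0-SNAPSHOT</mitreid-connect-version>` ties the sample to an unreleased snapshot, so, as item 1 of the message says, the server project has to be built locally before this resolves, and the result is not reproducible from one build to the next. That prerequisite should be documented next to the property, or the property pinned to a released version. The unchanged context line also leaves `org.springframework-version` at 3.2.3.RELEASE beside Spring Security 3.2.5.RELEASE; worth confirming that pairing is intended.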
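Review bot: The servlet-context.xml hunk headed `@@ -430,7 +487,7 @@` starts 57 lines later on the new side than on the old, yet the only earlier hunk shown for this file (`@@ -7,7 +7,7 @@`) is net zero, so one or more hunks that add lines are missing from the posted patch. Please post the complete diff so the class-name fix can be applied and reviewed in context. If the omitted lines hold the client configuration from item 2b, replace the clientSecret value with a placeholder before posting.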
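Review bot: The last servlet-context.xml hunk (`@@ -449,3 +506,4 @@`) adds a whitespace-only line after `</beans>` and leaves the file without a trailing newline. This is unrelated to the version and class-name fixes; drop the added line and end the file with a newline after `</beans>`.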
