[mitreid-connect] Back channel access from RP to IDP with HTTP

Michael Furman michael_furman at hotmail.com
Sat Sep 10 03:44:27 EDT 2016


Hi all,

I want to deploy the IDP and the RP on the same server in production.

Therefore I want the RP to access the IDP endpoints via HTTP.

That means the front channel will be via HTTPS and the back channel via HTTP.

How is this possible?

I have configured the HTTPS issuer on the IDP site:

<property name="issuer" value="https://<...>/openid-connect-server-webapp/" />

I have configured the following on RP:

<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService">
  <property name="servers">
    <map>
      <entry key="https://<...>/openid-connect-server-webapp/">
        <bean class="org.mitre.openid.connect.config.ServerConfiguration">
          <property name="issuer" value="https://<...>/openid-connect-server-webapp/" />
          <property name="authorizationEndpointUri" value="http://<...>:8088/openid-connect-server-webapp/authorize" />
          <property name="tokenEndpointUri" value="http://<...>:8088/openid-connect-server-webapp/token" />
          <property name="userInfoUri" value="http://<...>:8088/openid-connect-server-webapp/userinfo" />
          <property name="jwksUri" value="http://<...>:8088/openid-connect-server-webapp/jwk" />
        </bean>
      </entry>
    </map>
  </property>
</bean>

Somehow the RP switches to using HTTPS:

WARN : org.mitre.openid.connect.client.service.impl.WebfingerIssuerService - Returning normalized input string as issuer, hoping for the best: https://<...>/openid-connect-server-webapp/
WARN : org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationService - Couldn't load configuration for https://<...>/openid-connect-server-webapp/:

Thank you in advance for your help.
Best regards,

   Michael
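
An added example, not part of the original message and not MITREid Connect code: a small Python check over a ServerConfiguration bean shaped like the one above. It flags plain-HTTP values for the issuer and the authorization endpoint (the browser is redirected there, so it is front channel) and for back-channel endpoints that do not point at loopback. The hosts and addresses in the sample are constructed, and reading "same server" as loopback is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: same bean shape as in the post, placeholder hosts filled in.
SAMPLE = """
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
  <property name="issuer" value="https://idp.example.org/openid-connect-server-webapp/" />
  <property name="authorizationEndpointUri" value="http://127.0.0.1:8088/openid-connect-server-webapp/authorize" />
  <property name="tokenEndpointUri" value="http://127.0.0.1:8088/openid-connect-server-webapp/token" />
  <property name="userInfoUri" value="http://10.0.0.5:8088/openid-connect-server-webapp/userinfo" />
  <property name="jwksUri" value="http://localhost:8088/openid-connect-server-webapp/jwk" />
</bean>
"""

# issuer is the identity asserted in tokens; the authorization endpoint is
# visited by the user's browser, so neither belongs on plain HTTP.
MUST_BE_HTTPS = {"issuer", "authorizationEndpointUri"}
# Endpoints the RP calls server to server.
BACK_CHANNEL = {"tokenEndpointUri", "userInfoUri", "jwksUri"}


def is_loopback(host):
    """True only for 'localhost' or a literal loopback IP address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name may resolve off-box


def audit(bean_xml):
    """Return {property name: finding} for endpoints that should not use HTTP."""
    findings = {}
    for prop in ET.fromstring(bean_xml).iter("property"):
        name, url = prop.get("name"), urlsplit(prop.get("value", ""))
        if url.scheme == "https":
            continue
        if name in MUST_BE_HTTPS:
            findings[name] = "must be https"
        elif name in BACK_CHANNEL and not is_loopback(url.hostname or ""):
            findings[name] = "plain http to a non-loopback host"
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```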


