[mitreid-connect] Back channel access from RP to IDP with HTTP

Justin Richer jricher at mit.edu
Sat Sep 10 08:40:24 EDT 2016


This isn't possible in our codebase.


  -- Justin


On 9/10/2016 3:44 AM, Michael Furman wrote:
> Hi all,
> I want to deploy IDP and RP on the same server in the production.
> Therefore I want RP will access to IDP endpoints via HTTP.
> It mean the front channel will be via HTTPS and back channel with HTTP.
> How it is possible?
>
> I have configured the HTTPS issuer on the IDP site:
>
>
> /<property name="issuer" 
> value="https://<...>/openid-connect-server-webapp/" />/
>
>
> I have configured the following on RP:
>
>
> /<bean 
> class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService">/
>
> /<property name="servers">/
>
> /<map>/
>
> /<entry key="https://<...>/openid-connect-server-webapp/">/
>
> /<bean class="org.mitre.openid.connect.config.ServerConfiguration">/
>
> /<property name="issuer" 
> value="https://<...>/openid-connect-server-webapp/" />/
>
> /<property 
> name="authorizationEndpointUri"value="http://<...>:8088/openid-connect-server-webapp/authorize" 
> />/
>
> /<property 
> name="tokenEndpointUri"value="http://<...>:8088/openid-connect-server-webapp/token" 
> />/
>
> /<property name="userInfoUri" 
> value="http://<...>:8088/openid-connect-server-webapp/userinfo" />/
>
> /<property name="jwksUri" 
> value="http://<...>:8088/openid-connect-server-webapp/jwk" />/
>
> /</bean>/
>
> /</entry>/
>
> /</map>/
>
> /</property>/
>
> /</bean>/
>
> Somehow the RPswitch to use HTTPS:
>
>
> /WARN : 
> org.mitre.openid.connect.client.service.impl.WebfingerIssuerService - 
> Returning normalized input string as issuer, hoping for the best: 
> https://<...>/openid-connect-server-webapp//
>
> /WARN : 
> org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationService 
> - Couldn't load configuration for 
> https://<...>/openid-connect-server-webapp/: /
>
>
> Thank you in advance for your help.
>
> Best regards,
>
> Michael
>   
>
>
>
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20160910/40c7f4d4/attachment.html


More information about the mitreid-connect mailing list