[mitreid-connect] Back channel access from RP to IDP with HTTP

Michael Furman michael_furman at hotmail.com
Sat Sep 10 11:38:59 EDT 2016


Thanks for the reply!

Maybe it is possible to configure the RP to not check the certificate during the SSL connection (do not verify the HTTP connection certificate).

I definitely want to check the token signature but I do not need to check the local HTTPS connection.

Best regards,
   Michael

On Sep 10, 2016 3:40 PM, Justin Richer <jricher at mit.edu> wrote:

This isn't possible in our codebase.


 -- Justin

On 9/10/2016 3:44 AM, Michael Furman wrote:

Hi all,

I want to deploy the IDP and the RP on the same server in production.

Therefore I want the RP to access the IDP endpoints via HTTP.

That means the front channel will be via HTTPS and the back channel via HTTP.

How is this possible?



I have configured the HTTPS issuer on the IDP side:

<property name="issuer" value="https://<...>/openid-connect-server-webapp/" />


I have configured the following on the RP:

<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService">
    <property name="servers">
        <map>
            <entry key="https://<...>/openid-connect-server-webapp/">
                <bean class="org.mitre.openid.connect.config.ServerConfiguration">
                    <property name="issuer" value="https://<...>/openid-connect-server-webapp/" />
                    <property name="authorizationEndpointUri" value="http://<...>:8088/openid-connect-server-webapp/authorize" />
                    <property name="tokenEndpointUri" value="http://<...>:8088/openid-connect-server-webapp/token" />
                    <property name="userInfoUri" value="http://<...>:8088/openid-connect-server-webapp/userinfo" />
                    <property name="jwksUri" value="http://<...>:8088/openid-connect-server-webapp/jwk" />
                </bean>
            </entry>
        </map>
    </property>
</bean>

Somehow the RP switches to using HTTPS:


WARN : org.mitre.openid.connect.client.service.impl.WebfingerIssuerService - Returning normalized input string as issuer, hoping for the best: https://<...>/openid-connect-server-webapp/

WARN : org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationService - Couldn't load configuration for https://<...>/openid-connect-server-webapp/:


Thank you in advance for your help.

Best regards,

   Michael

_______________________________________________
mitreid-connect mailing list
mitreid-connect at mit.edu<mailto:mitreid-connect at mit.edu>
http://mailman.mit.edu/mailman/listinfo/mitreid-connect
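The warnings in the original post come from WebfingerIssuerService and DynamicServerConfigurationService, which are the discovery-based beans of the MITREid Connect client; if those are what the OIDCAuthenticationFilter's issuerService and serverConfigurationService properties point at, the StaticServerConfigurationService map shown above is never consulted and the RP goes back to fetching the HTTPS issuer's discovery document. The Spring XML below is an added illustration of wiring the static beans into the filter; it is not code from the original thread or from the MITREid Connect project. The bean ids, the hostname idp.example.com, the loopback address 127.0.0.1 and the other referenced beans (authenticationManager, staticClientConfigurationService, staticAuthRequestOptionsService, plainAuthRequestUrlBuilder, assumed to be defined elsewhere in the context) are assumptions; the property names follow the filter's setters as used in the client library's sample web app.

```xml
<!-- Added illustrative wiring, not from the original post or the MITREid Connect
     project. Bean ids, idp.example.com and 127.0.0.1 are assumptions. -->

<!-- The issuer string is the lookup key of the static server map below and must
     match the "iss" claim the IDP puts into its ID tokens, so it stays HTTPS. -->
<bean id="staticIssuerService"
      class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService">
    <property name="issuer" value="https://idp.example.com/openid-connect-server-webapp/" />
</bean>

<bean id="staticServerConfigurationService"
      class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService">
    <property name="servers">
        <map>
            <!-- key must equal the issuer exactly, trailing slash included -->
            <entry key="https://idp.example.com/openid-connect-server-webapp/">
                <bean class="org.mitre.openid.connect.config.ServerConfiguration">
                    <property name="issuer" value="https://idp.example.com/openid-connect-server-webapp/" />
                    <!-- front channel: the browser is redirected here, so keep HTTPS -->
                    <property name="authorizationEndpointUri" value="https://idp.example.com/openid-connect-server-webapp/authorize" />
                    <!-- back channel: RP-to-IDP calls that never leave the host -->
                    <property name="tokenEndpointUri" value="http://127.0.0.1:8088/openid-connect-server-webapp/token" />
                    <property name="userInfoUri" value="http://127.0.0.1:8088/openid-connect-server-webapp/userinfo" />
                    <property name="jwksUri" value="http://127.0.0.1:8088/openid-connect-server-webapp/jwk" />
                </bean>
            </entry>
        </map>
    </property>
</bean>

<!-- Both static beans have to be referenced here; otherwise the filter keeps
     using whatever issuer/server-configuration services it was given before. -->
<bean id="openIdConnectAuthenticationFilter"
      class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="issuerService" ref="staticIssuerService" />
    <property name="serverConfigurationService" ref="staticServerConfigurationService" />
    <property name="clientConfigurationService" ref="staticClientConfigurationService" />
    <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
    <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
</bean>
```

Two things differ from the configuration in the thread on purpose. The authorization endpoint is kept on HTTPS because it is the front channel: the user's browser is redirected there, so an http:// value would send the authorization request, and later the code, over the network in clear regardless of how the RP talks to the IDP. The plain-HTTP back-channel endpoints are pointed at 127.0.0.1 rather than a public hostname; since the library cannot be told to skip certificate validation (as Justin notes), plain HTTP is the only way to avoid TLS between co-located RP and IDP, and it is defensible only if port 8088 is bound to the loopback interface, because the client secret, the access token, the userinfo response and the JWKS used to verify ID-token signatures all travel over it. A quick check after deploying is to confirm the port is not reachable from another host and that the RP log no longer shows the DynamicServerConfigurationService warning.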