[mitreid-connect] MitreID Connect Server behind an API Manager

Luiz Omori luiz.omori at duke.edu
Mon Jun 26 11:24:40 EDT 2017


Indeed, the RemoteIpValve configuration in Tomcat, along with the update to the server-config.xml issuer seems to be working as expected, both for logging in to the server itself and performing the OAuth protocol.

The only restriction I found is that the application name within Tomcat has to match the path in the API Manager. Not ideal but workable.

Regards,
Luiz

From: Luiz Omori <luiz.omori at duke.edu>
Date: Friday, June 23, 2017 at 5:59 PM
To: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: Re: [mitreid-connect] MitreID Connect Server behind an API Manager

Oh, perhaps it’s better to address this at Tomcat level using the RemoteIpValve...

From: <mitreid-connect-bounces at mit.edu> on behalf of Luiz Omori <luiz.omori at duke.edu>
Date: Friday, June 23, 2017 at 4:15 PM
To: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: [mitreid-connect] MitreID Connect Server behind an API Manager

We are investigating the possibility of putting a MitreID instance behind an API Manager. The latter for the purpose of this discussion would be just a reverse proxy.

We had some success by changing the issuer in server-config.xml, and the login-page/authentication-failure configurations in user-context.xml:

<security:form-login login-page="https://hmp-catsbuild01.dhe.duke.edu:8643/patient-openid-connect/login" authentication-failure-url="https://hmp-catsbuild01.dhe.duke.edu:8643/patient-openid-connect/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />

Is that OK? Also, we found an issue and are stuck. The login page is loaded correctly from the API Manager, however the approval page is loaded straight from the server where MitreID is running. Interesting that if the user is already authenticated in the browser, the server will redirect straight to the approval page and correctly uses the API Manager address. Does anybody know where the code is that after a successful authentication sends the client to the approval page? I’m curious about the logic to figure out the approval page address.

Regards,
Luiz
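
An added example, not taken from the thread or from the MITREid Connect project, of the setup the first message describes: a RemoteIpValve that accepts forwarded headers only from the proxy, next to the matching issuer in server-config.xml. The proxy address 192.0.2.10, the host api-manager.example.org and the header names are assumptions; port 8643 and the patient-openid-connect path are the ones quoted in the thread, and the proxy is assumed to pass the client's Host header through.

```xml
<!-- Tomcat conf/server.xml, inside the <Host> element. -->

<!-- Weak form, shown commented out: internalProxies matches every peer, so
     any client that can reach Tomcat directly can supply X-Forwarded-For and
     X-Forwarded-Proto itself and be treated as an HTTPS request from an
     address of its choosing.
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies=".*"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto" />
-->

<!-- Tighter form: the headers are honoured only when the TCP peer is the
     API Manager (192.0.2.10 is a placeholder address). -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies="192\.0\.2\.10"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https"
       httpsServerPort="8643" />

<!-- MITREid Connect server-config.xml: the issuer is the externally visible
     base URL, and its path segment equals the Tomcat context name, which is
     the restriction noted in the first message. -->
<bean id="configBean"
      class="org.mitre.openid.connect.config.ConfigurationPropertiesBean">
    <property name="issuer"
              value="https://api-manager.example.org:8643/patient-openid-connect/" />
</bean>
```

With the valve in place, redirects built from the request's scheme and port follow what the proxy reports, so the network path should also prevent clients from reaching the Tomcat connector without passing through the API Manager.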