
Introduction

OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol.

When a user needs to be authenticated, the client application initiates one of the OIDC Core flows and redirects the user to the OIDC provider. After authentication the user is redirected back to the client, and the client application receives an ID token. With the Authorization Code Flow the ID token is returned in the follow-up exchange of the authorization code for an access token (a direct call from the client to the provider's token endpoint, not via the browser); with the Implicit Flow the ID token is returned immediately in the redirect. In this respect OIDC is very much like OAuth 2.0, except that an extra ID token is returned: a signed JWT carrying claims about the authenticated user and the authentication event, which the client is expected to validate (signature, issuer, audience, expiry and, if one was sent, the nonce) before trusting it.
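The Authorization Code Flow described above, as an added example that is not part of this page or of the Fediz code base: the client builds the authorization request with a state and a nonce, checks the callback, and validates the ID token it gets back from the (simulated) code exchange. The issuer URL, client ID, redirect URI and signing key are constructed for the example; the provider side is stood in for by a local HS256 signer so the script runs offline, whereas a real provider normally signs with an asymmetric key the client fetches from the provider's JWKS.

```python
"""Authorization Code Flow walk-through (added example, not Fediz code).
Provider side is simulated with an HS256 key so this runs offline."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for the example; a real client takes these from the
# provider's discovery document and its client registration.
ISSUER = "https://idp.example.com/fediz-oidc"      # hypothetical issuer
CLIENT_ID = "example-client"                        # hypothetical client id
REDIRECT_URI = "https://rp.example.com/callback"    # hypothetical redirect
SIGNING_KEY = b"shared-hs256-key-for-this-demo-only"  # constructed, demo only


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_authorization_request(state: str, nonce: str) -> str:
    """Step 1: redirect the user to the authorization endpoint. state binds
    the callback to this browser session; nonce binds the ID token to this
    authentication request."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid profile",
              "state": state, "nonce": nonce}
    return ISSUER + "/authorize?" + urlencode(params)


def issue_id_token(nonce: str, subject: str = "alice", now=None) -> str:
    """Simulated provider: mints an HS256-signed ID token once the user has
    authenticated. Stand-in for the provider's own signing key material."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": CLIENT_ID,
              "exp": now + 300, "iat": now, "nonce": nonce}
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def parse_callback(url: str, expected_state: str) -> str:
    """Step 2: the browser returns with code and state. Reject a state
    mismatch (CSRF / session swap) before the code is used at all."""
    qs = parse_qs(urlparse(url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    if "code" not in qs:
        raise ValueError("no authorization code in callback")
    return qs["code"][0]


def validate_id_token(token: str, expected_nonce: str, now=None) -> dict:
    """Step 3: the ID token arrives from the token endpoint next to the access
    token. Verify the signature first, then iss, aud, exp and nonce."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":   # never accept alg=none or a surprise alg
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(SIGNING_KEY, (header_b64 + "." + claims_b64).encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("token not intended for this client")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def run_flow(now=None) -> dict:
    """End to end: request, callback, simulated code exchange, validation."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    build_authorization_request(state, nonce)   # the user is sent here
    # Constructed callback, as the provider would redirect it
    callback = REDIRECT_URI + "?" + urlencode({"code": "demo-code", "state": state})
    code = parse_callback(callback, state)
    # A real client POSTs `code` to the token endpoint; simulated here
    id_token = issue_id_token(nonce, now=now)
    return validate_id_token(id_token, nonce, now=now)


if __name__ == "__main__":
    print(run_flow())
```

The nonce check is what stops an ID token captured from one authentication from being presented in another session, and the signature and `alg` checks come before any claim is read so that an unsigned or re-signed token never reaches the claim logic.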

Fediz OIDC provides an implementation of OIDC Core by integrating the CXF OIDC IDP with the Fediz Authentication System. It is available starting from Fediz 1.3.0.

This project is a work in progress.  

Implementation

User Authentication

Fediz OIDC is currently implemented as a Fediz WS-Federation RP web application. When a user accesses Fediz OIDC, the Fediz WS-Fed authenticator redirects the user to the Fediz WS-Fed IDP to complete the authentication process. The fact that WS-Fed is used during this process is transparent to the user. Note that Fediz OIDC itself is completely agnostic to the way the authentication is done: all it needs is for Fediz to provide it with an authenticated principal, which it then uses to drive its OIDC flows.

Future major releases of Fediz will optimize and improve this process by bringing Fediz OIDC much closer to the core Fediz Authentication System, thus avoiding the internal WS-Fed flow completely.

Trusted Providers

Fediz provides comprehensive support for delegating user authentication to trusted providers. Such providers can support the SAML, WS-Fed or OpenID Connect protocols. Thus Fediz OIDC users can be authenticated locally or redirected further to registered authentication providers. This is achieved by assigning home realms to Fediz OIDC client registrations.

Data Persistence

Client Registration

OIDC Services

 

Deployment

Drop fediz-oidc.war into the Tomcat container hosting the core Fediz IDP service.
