OpenID Connect Sample web app

-
/

OpenID Connect Sample Web App

In this document, I'm trying to demonstrate OpenID Connect with a sample web application. Before doing this we need to have a good idea about OpenID Connect. So if you need to learn about OpenID Connect you can read my previous post.


I'm using MiniOrange as my OpenID Connect provider. There are some steps to follow to setup the OIDC application with MiniOrange. 
  • First, create an account on miniorange and sign in to the account.
  • Then go to the miniOrange Administrator Console.
  • Create an application by selecting Apps > Configure Apps.
  • In the Application name type “OIDC”.
  • Enter your client information(First_name,Last_name) and Save.
  • Once you have configured the application. Please note down the clientID and client secret by going to Apps > View Apps then Select your Open Id application and click on “Edit”.
  • Then add this redirection endpoint to the application. 
  • Again go to the miniOrange Administrator Console.
  • Go to Policy > App Authentication Policy. Then select the tab “Add Policy”.
  • In the Application, name select the OpenID Application that you have created.
  • Enter configuration settings and Save.

You can configure sample application using your details.


 Configure the OpenId Connect application in miniOrange Admin Console with the redirect URI :    https://www.miniorange.com//openid-Sample-webapp/OpenIdResponse.
  • We need to edit client secret so, go to the Constraints.javavfile and edit it. Open the Constants.Java file and initialize the following variables



HOST NAME = miniOrange host provider(example : auth.miniorange.com) without the HTTP/PORT/SUBDOMAIN name

CLIENT SECRET = enter the client secret noted from our miniOrange Admin Console

  • Edit the client id according to your client id in index.jsp 

Building the project

  1. Add all the dependencies and run the following maven commands to add our third-party library MiniOrange-OpenID-api.jar 
                                          mvn install : install-file -Dfile="/lib/miniorange-openid-api.jar"
                                          Dgroupld=com.miniorange.openidclient-
                                          Dartifacld=miniorange-openid-api -Dversion=3.6-
                                          Dpackaging=jar
     2.Run "mvn clean package"at the pom directory level and deploy the ".war" file to apache tom cat.


Testing the project

  1. Open  http//localhost:8080/openid-connect-webapp/                                                                                                                                                                                                                                                         
                                                                                                                                             
  2. Click on "login with MiniOrange"
                                    
                                   





Ucing our client credintial  we can get the user concern page 
  • Username :bunny123@gmail.com
  • abc123




Then click on the authorize button to give the permission to the client app.

After clicking it we can get the access token and id token. 
Then it shows the welcome message .


click here to take github resourses.

Comments

Post a Comment

Popular posts from this blog

How to hack windows 2000 using nessus.....

-
Image
What is nessus? Nessus  is a propriety vulnerability scanner developed by tenable network. It is free of charge for personal use in a non-enterprise environment. We use kali Os to hacking windows server, to testing vulnerabilities . ·          In Linux we have to search both Os are in the same network. And search the ip address of each systems.              ·          To windows :Open the terminal and type “ipconfig”                                     ·          To Linux : Open terminal and type      “ifconfig”                                   ·          Ten now we have both ip addresses. Using ping command can check the connection between        each        other.                                     Ex: ping 192.168.55.99 ·          Then both are connected we can start the nessus and can find the vulnerabilities. ·                                        Using “service ness
Read more

OpenID Connect Introduction

-
Image
What is OpenID Connect?? OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol, which allows clients to verify the identity of an end user based on the authentication performed by an authorization server or identity provider (IdP), as well as to obtain basic profile information about the end user in an interoperable and REST-like manner. OpenID Connect specifies a RESTful HTTP API, using JSON as a data format.  OpenID Connect is an increasingly common authentication protocol: when an app prompts you to authenticate using your Facebook or Google+ credentials, the app is probably using OpenID Connect. OpenID Connect allows a range of clients, including web-based, mobile, and JavaScript clients, to request and receive information about authenticating  sessions and end-users. OIDC main purpose is to authenticate user one login and allow access to multiple services which is also known a s SSO (Single Sign-On). OneLogin provides a custom connector optio
Read more

About Heartland Payment System Cyber Attack

-
Image
About Heartland Payment System Cyber Attack On August 13, 2009, the Payment Cards Center hosted a workshop examining the changing nature of data security in consumer electronic payments. The center invited the chairman and CEO of Heartland Payment Systems, Robert Carr, to lead this discussion & to share his experiences stemming from the data breach at his company in late 2008 and, as important, to discuss lessons learned as a result of this event. Carr acknowledged that Heartland is working within the confines of the merchant acquiring and processing environment to address data security  through improved information sharing & security of  intransigent . The data breach at heartland is very costly for the company.It lost 50 percent of its market capitalization 2009.  It had more than $32 legal fees, forensic costs, reserves for potential card brand fines, and other related settlement costs. 1)  Vulnerability    :    poorly coded Web application software to
Read more