cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r991174 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-oidc.html
Date Wed, 22 Jun 2016 10:47:40 GMT
Author: buildbot
Date: Wed Jun 22 10:47:40 2016
New Revision: 991174

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-oidc.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-oidc.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-oidc.html (original)
+++ websites/production/cxf/content/docs/jax-rs-oidc.html Wed Jun 22 10:47:40 2016
@@ -28,6 +28,15 @@
 <meta name="description" content="Apache CXF, Services Framework - JAX-RS OIDC">
 
 
+<link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shCoreCXF.css">
+<link type="text/css" rel="stylesheet" href="/resources/highlighter/styles/shThemeCXF.css">
+
+<script src='/resources/highlighter/scripts/shCore.js'></script>
+<script src='/resources/highlighter/scripts/shBrushXml.js'></script>
+<script>
+  SyntaxHighlighter.defaults['toolbar'] = false;
+  SyntaxHighlighter.all();
+</script>
 
 
     <title>
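Review bot: The inline <script> block added after the two highlighter includes (SyntaxHighlighter.defaults['toolbar'] = false; SyntaxHighlighter.all();) means any Content-Security-Policy applied to this page has to permit inline script. Moving those two calls into a file served next to shCore.js under /resources/highlighter/scripts/ would let script-src be limited to same-origin files. Two smaller points in the same lines: only shBrushXml.js is loaded, so a <pre> using any brush other than xml will not be highlighted, and the new script tags use single-quoted src attributes while the link tags just above them use double quotes.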
@@ -108,17 +117,23 @@ Apache CXF -- JAX-RS OIDC
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1464281221045 {padding: 0px;}
-div.rbtoc1464281221045 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1464281221045 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1466592425475 {padding: 0px;}
+div.rbtoc1466592425475 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1466592425475 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1464281221045">
+/*]]>*/</style></p><div class="toc-macro rbtoc1466592425475">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSOIDC-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSOIDC-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSOIDC-IdTokenandUserInfo">IdToken and UserInfo</a></li><li><a
shape="rect" href="#JAX-RSOIDC-OIDCIDPsupport">OIDC IDP support</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSOIDC-Overview">Overview</a></li><li><a
shape="rect" href="#JAX-RSOIDC-FedizOIDC">Fediz OIDC</a></li></ul>
 </li><li><a shape="rect" href="#JAX-RSOIDC-OIDCRPsupport">OIDC RP support</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSOIDC-Overview.1">Overview</a></li><li><a
shape="rect" href="#JAX-RSOIDC-Demos">Demos</a></li></ul>
 </li></ul>
-</div><h1 id="JAX-RSOIDC-Introduction">Introduction</h1><h1 id="JAX-RSOIDC-MavenDependencies">Maven
Dependencies</h1><h1 id="JAX-RSOIDC-IdTokenandUserInfo">IdToken and UserInfo</h1><h1
id="JAX-RSOIDC-OIDCIDPsupport">OIDC IDP support</h1><h2 id="JAX-RSOIDC-Overview">Overview</h2><h2
id="JAX-RSOIDC-FedizOIDC">Fediz OIDC</h2><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf-fediz/tree/master/services/oidc" rel="nofollow">Fediz
OIDC</a> integrates CXF OIDC with its authentication system to have <a shape="rect"
class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html" rel="nofollow">OIDC
Core</a> supported with a minimum amount of code and configuration.</p><h1
id="JAX-RSOIDC-OIDCRPsupport">OIDC RP support</h1><h2 id="JAX-RSOIDC-Overview.1">Overview</h2><h2
id="JAX-RSOIDC-Demos">Demos</h2><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/jax_rs/big_query"
rel="n
 ofollow">BigQuery</a> <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java"
rel="nofollow">demo service</a> is OAuth2 client which relies on CXF OIDC RP code
to support interacting with the user, redirecting the user to Google to authenticate, and
validating IdToken returned from Google AccessTokenService alongside a new access token (OIDC
Authorization Code Flow). The demo service uses IdToken to address the user correctly and
the access token to access the user's resources as authorized by the user.</p><p><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/jax_rs/basic_oidc"
rel="nofollow">BasicOidc</a> <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/jax_rs/basic_oidc/src/main/java/demo/jaxrs/serv
 er/IdTokenService.java" rel="nofollow">demo service</a> is not an OAuth2 client,
but a basic JAX-RS server. This server works with an HTTP Browser client which uses Google
script libraries to get IdToken from Google OIDC Authorization endpoint (OIDC Implicit flow).
This browser client interacts with CXF OIDC RP code to get IdToken validated and then posts
this token to the demo service. Demo service depends on CXF OIDC RP to have this IdToken easily
accessible in its code</p><p>&#160;</p><p>&#160;</p></div>
+</div><h1 id="JAX-RSOIDC-Introduction">Introduction</h1><p><a
shape="rect" class="external-link" href="http://openid.net/connect/" rel="nofollow">OpenId
Connect</a> (OIDC) is an identity layer built on top of the OAuth2 protocol.</p><p>CXF
ships OIDC Provider (IDP) and Relying Party (RP) utility code to make it easy for developers
to create their own custom OIDC providers or have JAX-RS applications integrated with well-known
3rd party OIDC IDPs.</p><p>This code relies heavily on <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-oauth2.html">CXF
OAuth2</a> and <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-jose.html">CXF
JOSE</a> modules.</p><p>&#160;</p><h1 id="JAX-RSOIDC-MavenDependencies">Maven
Dependencies</h1><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>CXF OIDC
module</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;dependency&gt;
+    &lt;groupId&gt;org.apache.cxf&lt;/groupId&gt;
+    &lt;artifactId&gt;cxf-rt-rs-security-sso-oidc&lt;/artifactId&gt;
+    &lt;version&gt;3.1.7&lt;/version&gt;
+&lt;/dependency&gt;</pre>
+</div></div><h1 id="JAX-RSOIDC-IdTokenandUserInfo">IdToken and UserInfo</h1><p><a
shape="rect" class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken"
rel="nofollow">IdToken</a> is a primary extension that OIDC makes to OAuth2. It provides
a collection of claims describing the authenticated user. IdToken a secured <a shape="rect"
href="http://cxf.apache.org/docs/jax-rs-jose.html#JAX-RSJOSE-JSONWebToken">JWT token</a>
which is <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-jose.html#JAX-RSJOSE-JWSSignature">JWS-signed</a>
and/or <a shape="rect" href="http://cxf.apache.org/docs/jax-rs-jose.html#JAX-RSJOSE-JWEEncryption">JWE-encrypted</a>
by OIDC IDP.</p><p>CXF provides <span class="pl-smi">&#160;</span><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java"
rel="nofollow"><span class="pl-smi">org.apache.cxf.rs.security.oidc
 .common</span>.IdToken</a>.&#160; This token can be processed and protected
by CXF OIDC services and validated by the RP code as described below.</p><p>IdToken
can provide enough information for the client application to work with the current user. However,
the client can get more information about the user from OIDC <a shape="rect" class="external-link"
href="http://openid.net/specs/openid-connect-core-1_0.html#UserInfo" rel="nofollow">UserInfo
endpoint</a>.</p><p>CXF provides <span class="pl-smi">&#160;</span><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserInfo.java"
rel="nofollow"><span class="pl-smi">org.apache.cxf.rs.security.oidc.common</span>.UserInfo.</a>
It can be returned from CXF OIDC UserInfo service and validated by the RP code as described
below.</p><h1 id="JAX-RSOIDC-OIDCIDPsupport">OIDC IDP support</h1><h2
id="JAX-RSOIDC-Overview">Overview</h2><p>Whe
 n the user authentication is required the client application initiates one of <a shape="rect"
class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html" rel="nofollow">OIDC
Core</a> flows and redirects this user to OIDC provider. The user gets redirected back
to the client after the authentication, with the client application receiving <a shape="rect"
class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#IDToken"
rel="nofollow">IdToken</a>. If <a shape="rect" class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth"
rel="nofollow">Authorization Code Flow</a> is used then IdToken is returned as part
of the follow up <a shape="rect" class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse"
rel="nofollow">code to access token exchange</a>, and if <a shape="rect" class="external-link"
href="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth" rel
 ="nofollow">Implicit Flow</a> is used then IdToken is returned <a shape="rect"
class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse"
rel="nofollow">immediately</a>.&#160; It is very much like OAuth2 except that
an extra IdToken parameter is returned.</p><p>&#160;</p><h2 id="JAX-RSOIDC-FedizOIDC">Fediz
OIDC</h2><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz/tree/master/services/oidc"
rel="nofollow">Fediz OIDC</a> provides a reference integration between CXF OIDC IDP
code and its authentication system. It has <a shape="rect" class="external-link" href="http://openid.net/specs/openid-connect-core-1_0.html"
rel="nofollow">OIDC Core</a> supported with a minimum amount of code and configuration.</p><h1
id="JAX-RSOIDC-OIDCRPsupport">OIDC RP support</h1><h2 id="JAX-RSOIDC-Overview.1">Overview</h2><h2
id="JAX-RSOIDC-Demos">Demos</h2><p><a shape="rect" class="external-link"
href="https://github.com/apache/cxf
 /tree/master/distribution/src/main/release/samples/jax_rs/big_query" rel="nofollow">BigQuery</a>
<a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java"
rel="nofollow">demo service</a> is OAuth2 client which relies on CXF OIDC RP code
to support interacting with the user, redirecting the user to Google to authenticate, and
validating IdToken returned from Google AccessTokenService alongside a new access token (OIDC
Authorization Code Flow). The demo service uses IdToken to address the user correctly and
the access token to access the user's resources as authorized by the user.</p><p><a
shape="rect" class="external-link" href="https://github.com/apache/cxf/tree/master/distribution/src/main/release/samples/jax_rs/basic_oidc"
rel="nofollow">BasicOidc</a> <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/distributi
 on/src/main/release/samples/jax_rs/basic_oidc/src/main/java/demo/jaxrs/server/IdTokenService.java"
rel="nofollow">demo service</a> is not an OAuth2 client, but a basic JAX-RS server.
This server works with an HTTP Browser client which uses Google script libraries to get IdToken
from Google OIDC Authorization endpoint (OIDC Implicit flow). This browser client interacts
with CXF OIDC RP code to get IdToken validated and then posts this token to the demo service.
Demo service depends on CXF OIDC RP to have this IdToken easily accessible in its code</p><p>&#160;</p><p>&#160;</p></div>
            </div>
            <!-- Content -->
          </td>
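Review bot: The added "IdToken and UserInfo" text says twice that the token is "validated by the RP code as described below", but the "OIDC RP support" section still runs straight from <h2 id="JAX-RSOIDC-Overview.1">Overview</h2> into the Demos heading with no body, so nothing on the page tells the reader what that validation covers. Either fill in the RP Overview with the IdToken checks the RP code applies, or drop "as described below" until that text exists. Smaller points in the same added block: "IdToken a secured JWT token" is missing "is", "OpenId Connect" should read "OpenID Connect", the last Demos sentence ends without a period, and the source links point at the master branch while the Maven snippet pins version 3.1.7.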


