Warning: This page has not been updated in over a year and may be outdated or deprecated.
configuration:oauth2_oidc
Differences
This shows you the differences between two versions of the page.
configuration:oauth2_oidc [2022/09/13 13:11] – Add trademark; fix link. demiankatz | configuration:oauth2_oidc [2023/05/12 07:13] (current) – [Testing] emaijala | ||
---|---|---|---|
Line 10: | Line 10: | ||
OIDC allows a client to request any set (i.e. scope) of user attributes. VuFind® allows the OIDC client to request user attributes stored in VuFind®' | OIDC allows a client to request any set (i.e. scope) of user attributes. VuFind® allows the OIDC client to request user attributes stored in VuFind®' | ||
+ | |||
+ | The default scope and claim configuration contains the scopes defined in the OIDC specification and several VuFind specific ones. You should keep the predefined ones available for interoperability, | ||
===== Prerequisites ===== | ===== Prerequisites ===== | ||
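Review bot: The added paragraph writes "VuFind specific" without the ® mark, while the unchanged line directly above it uses "VuFind®" and the previous revision's summary was "Add trademark". Suggest "VuFind®-specific" (hyphenated) so the new text matches the rest of the page.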
Line 16: | Line 18: | ||
===== Configuration ===== | ===== Configuration ===== | ||
+ | |||
+ | ==== Apache + PHP-FPM Configuration ==== | ||
+ | |||
+ | If you are using PHP-FPM, you need to ensure that the '' | ||
+ | |||
+ | ==== VuFind Configuration ==== | ||
:!: It is recommended to have basic understanding of how OAuth2 and OIDC work to ensure proper configuration, | :!: It is recommended to have basic understanding of how OAuth2 and OIDC work to ensure proper configuration, | ||
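Review bot: The new heading "Apache + PHP-FPM Configuration" scopes the subsection to Apache, but the sentence under it is conditioned only on "If you are using PHP-FPM". State whether the requirement also applies to PHP-FPM behind other web servers, or narrow the sentence to match the heading. The added "==== VuFind Configuration ====" heading also drops the ® used in the surrounding text.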
Line 30: | Line 38: | ||
Finally, '' | Finally, '' | ||
+ | |||
+ | ===== Endpoints ===== | ||
+ | |||
+ | The following endpoints are available: | ||
+ | |||
+ | * Authorization: | ||
+ | * Tokens: / | ||
+ | * OIDC user info: / | ||
+ | * Server' | ||
+ | |||
+ | ===== Testing ===== | ||
+ | |||
+ | [[https:// | ||
+ | < | ||
+ | docker run --rm --name idp-oidc-tester -p 8080:80 registry.gitlab.com/ | ||
+ | </ | ||
+ | Access the service by pointing your browser to http:// | ||
+ | |||
+ | Make sure that the OIDC client in Docker can access token, jwks and user info endpoints of VuFind. E.g. if you run VuFind locally with macOS, use http:// | ||
+ | |||
+ | ^ Setting | ||
+ | | Discover url | (leave empty) | ||
+ | | Authorize url | http:// | ||
+ | | Token endpoint | ||
+ | | JWKS endpoint | ||
+ | | Issuer | ||
+ | | Instrospection endpoint | ||
+ | | User info endpoint | ||
+ | | End session endpoint | ||
+ | | Register as redirect_uri | ||
+ | | Client id | tester | ||
+ | | Client secret | ||
+ | | Scopes | ||
---- struct data ---- | ---- struct data ---- | ||
properties.Page Owner : emaijala | properties.Page Owner : emaijala | ||
---- | ---- | ||
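Review bot: The Testing table registers a client with id "tester" together with a client secret and a redirect_uri, and nothing in the visible text of the section marks this client as test-only. Add a sentence telling readers to remove or disable the test client entry once testing is done and not to carry its secret over to a production instance. In the same table, "Instrospection endpoint" should read "Introspection endpoint".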
configuration/oauth2_oidc.txt · Last modified: 2023/05/12 07:13 by emaijala