To implement a Spring Boot application with OIDC security for single sign-on redirection during login, you can follow these steps:

  1. Add the spring-security-oauth2-autoconfigure dependency to your project.

  2. Configure the OAuth2 client in your application.properties file. You should define the provider's discovery endpoint, client ID, secret, and scopes.

  3. Create a SecurityConfiguration class that extends WebSecurityConfigurerAdapter. In this class, you can configure the OIDC provider, such as setting up the authentication manager and defining the authorization endpoint.

  4. Annotate your main application class with the @EnableOAuth2Sso annotation. This enables single sign-on (SSO) by automatically redirecting users to the provider's login page if they are not already authenticated.

  5. Test your application by starting it and accessing a secured resource. You should be redirected to the provider's login page, and upon successful authentication, you will be redirected back to your application.

Example configuration:

application.properties:

# Registration: every key is scoped by the registration id (my-oidc-provider);
# a Spring Boot Set<String> property such as scope is comma-separated.
spring.security.oauth2.client.registration.my-oidc-provider.provider=my-oidc-provider
spring.security.oauth2.client.registration.my-oidc-provider.client-id=my-client-id
spring.security.oauth2.client.registration.my-oidc-provider.client-secret=my-secret
spring.security.oauth2.client.registration.my-oidc-provider.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.my-oidc-provider.scope=openid,profile,email
# {baseUrl} expands to the scheme/host/port of the running app, so the same value
# works for http://localhost:8080 in development and the real origin in production.
spring.security.oauth2.client.registration.my-oidc-provider.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}

# Provider: issuer-uri drives discovery (Spring fetches <issuer>/.well-known/openid-configuration
# at startup); any endpoint listed explicitly below takes precedence over the discovered value.
spring.security.oauth2.client.provider.my-oidc-provider.issuer-uri=https://my-oidc-provider
spring.security.oauth2.client.provider.my-oidc-provider.authorization-uri=https://my-oidc-provider/oauth2/auth
spring.security.oauth2.client.provider.my-oidc-provider.token-uri=https://my-oidc-provider/oauth2/token
spring.security.oauth2.client.provider.my-oidc-provider.user-info-uri=https://my-oidc-provider/userinfo
# The JWK set is what the ID token signature is validated against; do not leave it out.
spring.security.oauth2.client.provider.my-oidc-provider.jwk-set-uri=https://my-oidc-provider/oauth2/jwks
spring.security.oauth2.client.provider.my-oidc-provider.user-name-attribute=sub

SecurityConfiguration.java:

import java.util.HashMap;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

// oauth2Login() below is the Spring Security 5 (spring-security-oauth2-client) way to get the
// SSO redirect that the legacy @EnableOAuth2Sso annotation (spring-security-oauth2-autoconfigure)
// provided: an unauthenticated request to a secured resource is sent to the provider's login
// page. The two belong to different client stacks and are not combined on one class.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/login**").permitAll()
            .anyRequest().authenticated()
            .and().oauth2Login();
    }

    // Optional: a ClientRegistrationRepository bean replaces the registration Spring Boot builds
    // from application.properties, so keep only one of the two as the source of truth.
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(clientRegistration());
    }

    private ClientRegistration clientRegistration() {
        // Additional provider metadata exposed to the application; the endpoints Spring
        // actually uses are the ones set through the builder methods below.
        Map<String, Object> providerDetails = new HashMap<>();
        providerDetails.put("authorization_uri", "https://my-oidc-provider/oauth2/auth");
        providerDetails.put("token_uri", "https://my-oidc-provider/oauth2/token");
        providerDetails.put("user_info_uri", "https://my-oidc-provider/userinfo");
        providerDetails.put("jwks_uri", "https://my-oidc-provider/oauth2/jwks");

        return ClientRegistration.withRegistrationId("my-oidc-provider")
            .clientId("my-client-id")
            .clientSecret("my-secret")
            .clientName("My OIDC Provider")
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            // redirectUriTemplate(...) is named redirectUri(...) from Spring Security 5.4 on
            .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
            .scope("openid", "profile", "email")
            .authorizationUri("https://my-oidc-provider/oauth2/auth")
            .tokenUri("https://my-oidc-provider/oauth2/token")
            .userInfoUri("https://my-oidc-provider/userinfo")
            // Required for OIDC: the ID token's signature is checked against this JWK set
            .jwkSetUri("https://my-oidc-provider/oauth2/jwks")
            .userNameAttributeName("sub")
            .providerConfigurationMetadata(providerDetails)
            .build();
    }

}
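A Spring Boot test for step 5, added here as an example (it is not part of the original answer): it asserts that an unauthenticated request to a secured resource is redirected through the app's own /oauth2/authorization/my-oidc-provider endpoint to the provider's authorization URI, and that the request carries the state parameter (which binds the callback to the browser session) and the nonce (which is echoed in the ID token so a replayed token is rejected). It assumes spring-boot-starter-test (JUnit 5, AssertJ, MockMvc), the SecurityConfiguration and application.properties above on the test context, and a hypothetical /secured path that needs no controller because the filter chain redirects before any handler runs; the class name OidcSsoRedirectTest is my own.

```java
import static org.assertj.core.api.Assertions.assertThat;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.util.MultiValueMap;
import org.springframework.web.util.UriComponentsBuilder;

@SpringBootTest
@AutoConfigureMockMvc
class OidcSsoRedirectTest {

    @Autowired
    private MockMvc mvc;

    @Test
    void unauthenticatedRequestIsSentToProviderWithStateAndNonce() throws Exception {
        // Hop 1: the secured resource (hypothetical path; no controller is needed because the
        // filter chain redirects first) sends the browser to the app's own authorization endpoint.
        String hop1 = mvc.perform(get("/secured").accept(MediaType.TEXT_HTML))
            .andExpect(status().is3xxRedirection())
            .andReturn().getResponse().getRedirectedUrl();
        assertThat(hop1).endsWith("/oauth2/authorization/my-oidc-provider");

        // Hop 2: that endpoint builds the authorization request and redirects to the provider.
        String hop2 = mvc.perform(get("/oauth2/authorization/my-oidc-provider").accept(MediaType.TEXT_HTML))
            .andExpect(status().is3xxRedirection())
            .andReturn().getResponse().getRedirectedUrl();
        assertThat(hop2).startsWith("https://my-oidc-provider/oauth2/auth?");

        MultiValueMap<String, String> params = UriComponentsBuilder.fromUriString(hop2).build().getQueryParams();
        assertThat(params.getFirst("response_type")).isEqualTo("code");
        assertThat(params.getFirst("client_id")).isEqualTo("my-client-id");
        assertThat(params.getFirst("scope")).contains("openid");
        assertThat(params.getFirst("redirect_uri")).isNotBlank();
        // state protects the /login/oauth2/code/* callback against CSRF; nonce is added whenever
        // the scope contains openid (Spring Security 5.2+) and is validated in the ID token.
        assertThat(params.getFirst("state")).isNotBlank();
        assertThat(params.getFirst("nonce")).isNotBlank();
    }
}
```

The second hop never contacts the provider, so the test runs offline; only a real login (step 5 in a browser) exercises the token exchange and ID token validation against the JWK set.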