To implement a Spring Boot application with OIDC security for single sign-on redirection during login, you can follow these steps:
Add the spring-security-oauth2-autoconfigure dependency to your project.
Configure the OAuth2 client in your application.properties file. You should define the provider's discovery endpoint, client ID, secret, and scopes.
Create a SecurityConfiguration class that extends WebSecurityConfigurerAdapter. In this class, you can configure the OIDC provider, such as setting up the authentication manager and defining the authorization endpoint.
Annotate your main application class with the @EnableOAuth2Sso annotation. This enables single sign-on (SSO) by automatically redirecting users to the provider's login page if they are not already authenticated.
Test your application by starting it and accessing a secured resource. You should be redirected to the provider's login page, and upon successful authentication, you will be redirected back to your application.
Example configuration:
application.properties:
# Registration block: the id "my-oidc-provider" appears in every key and ties these
# settings to the provider block below (and to {registrationId} in the redirect URI).
spring.security.oauth2.client.registration.my-oidc-provider.client-id=my-client-id
spring.security.oauth2.client.registration.my-oidc-provider.client-secret=my-secret
spring.security.oauth2.client.registration.my-oidc-provider.scope=openid,profile,email
spring.security.oauth2.client.registration.my-oidc-provider.authorization-grant-type=authorization_code
# {baseUrl} expands to the scheme/host/port the app is reached on, e.g. http://localhost:8080
spring.security.oauth2.client.registration.my-oidc-provider.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
# Provider block. Either let Spring Boot read the discovery document
# (<issuer-uri>/.well-known/openid-configuration) at startup:
# spring.security.oauth2.client.provider.my-oidc-provider.issuer-uri=https://my-oidc-provider
# ...or list the endpoints explicitly (no network call at startup):
spring.security.oauth2.client.provider.my-oidc-provider.authorization-uri=https://my-oidc-provider/oauth2/auth
spring.security.oauth2.client.provider.my-oidc-provider.token-uri=https://my-oidc-provider/oauth2/token
spring.security.oauth2.client.provider.my-oidc-provider.user-info-uri=https://my-oidc-provider/userinfo
spring.security.oauth2.client.provider.my-oidc-provider.jwk-set-uri=https://my-oidc-provider/oauth2/jwks
spring.security.oauth2.client.provider.my-oidc-provider.user-name-attribute=sub
SecurityConfiguration.java:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

// oauth2Login() is Spring Security 5's built-in OAuth2/OIDC client support and reads the
// spring.security.oauth2.client.* properties. The legacy @EnableOAuth2Sso annotation from
// spring-security-oauth2-autoconfigure installs a separate, older filter chain driven by
// security.oauth2.* properties; do not combine the two in one configuration.
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login**").permitAll()
                .anyRequest().authenticated()
            .and()
            // Unauthenticated requests are redirected to /oauth2/authorization/{registrationId},
            // which in turn redirects to the provider's authorization endpoint.
            .oauth2Login();
    }

    // Optional: Spring Boot already builds this bean from the application.properties above.
    // Declaring it here overrides that auto-configuration with Java config.
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(clientRegistration());
    }

    private ClientRegistration clientRegistration() {
        return ClientRegistration.withRegistrationId("my-oidc-provider")
                .clientId("my-client-id")
                .clientSecret("my-secret")
                .clientName("My OIDC Provider")
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                // redirectUri() replaced redirectUriTemplate() in Spring Security 5.4;
                // {baseUrl} expands to the scheme/host/port the app is reached on.
                .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                .scope("openid", "profile", "email")
                // issuer is checked against the ID token's "iss" claim
                .issuerUri("https://my-oidc-provider")
                .authorizationUri("https://my-oidc-provider/oauth2/auth")
                .tokenUri("https://my-oidc-provider/oauth2/token")
                .userInfoUri("https://my-oidc-provider/userinfo")
                // keys used to verify the ID token signature
                .jwkSetUri("https://my-oidc-provider/oauth2/jwks")
                .userNameAttributeName("sub")
                .build();
    }
}
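An added example for the "test your application" step, not part of the original answer: a Spring Boot MockMvc test that follows the two redirects an anonymous browser request goes through with the configuration above, and checks that the authorization request sent to the provider carries a state parameter (binds the callback to this browser session, the OAuth2 CSRF defence) and a nonce (binds the ID token to this authorization request, the OIDC replay defence). Spring Security generates both, stores them in the session and validates them when the provider redirects back to /login/oauth2/code/my-oidc-provider. Assumptions: JUnit 5 with spring-boot-starter-test and spring-boot-starter-oauth2-client, a @SpringBootApplication class on the classpath, the registration id "my-oidc-provider" and the endpoint values from the answer; the test supplies explicit endpoints rather than issuer-uri so that starting the context never contacts the provider (if the SecurityConfiguration also declares a ClientRegistrationRepository bean, that bean wins, with the same values). The class name is hypothetical.

```java
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.startsWith;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.web.servlet.MockMvc;

// Hypothetical test class; registration id and endpoint values are assumptions
// matching the configuration in the answer above.
@SpringBootTest
@AutoConfigureMockMvc
@TestPropertySource(properties = {
        // Explicit endpoints (no issuer-uri), so the test context never calls the provider.
        "spring.security.oauth2.client.registration.my-oidc-provider.client-id=my-client-id",
        "spring.security.oauth2.client.registration.my-oidc-provider.client-secret=my-secret",
        "spring.security.oauth2.client.registration.my-oidc-provider.scope=openid,profile,email",
        "spring.security.oauth2.client.registration.my-oidc-provider.authorization-grant-type=authorization_code",
        "spring.security.oauth2.client.registration.my-oidc-provider.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}",
        "spring.security.oauth2.client.provider.my-oidc-provider.authorization-uri=https://my-oidc-provider/oauth2/auth",
        "spring.security.oauth2.client.provider.my-oidc-provider.token-uri=https://my-oidc-provider/oauth2/token",
        "spring.security.oauth2.client.provider.my-oidc-provider.user-info-uri=https://my-oidc-provider/userinfo",
        "spring.security.oauth2.client.provider.my-oidc-provider.jwk-set-uri=https://my-oidc-provider/oauth2/jwks",
        "spring.security.oauth2.client.provider.my-oidc-provider.user-name-attribute=sub"
})
class OidcSsoRedirectTest {

    @Autowired
    private MockMvc mvc;

    @Test
    void securedResourceRedirectsToAuthorizationEndpoint() throws Exception {
        // Hop 1: an anonymous browser request for a protected page is sent to Spring
        // Security's own authorization-initiation endpoint. With exactly one registered
        // client there is no chooser page; the redirect goes straight to that provider.
        mvc.perform(get("/").accept(MediaType.TEXT_HTML))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrlPattern("**/oauth2/authorization/my-oidc-provider"));
    }

    @Test
    void authorizationRequestCarriesStateAndNonce() throws Exception {
        // Hop 2: that endpoint builds the OIDC authorization request and redirects to the
        // provider's authorization-uri. Both state and nonce must be in the query string;
        // Spring Security keeps them in the session and rejects a callback that does not
        // match them (state) or an ID token whose nonce claim differs (nonce).
        mvc.perform(get("/oauth2/authorization/my-oidc-provider"))
                .andExpect(status().is3xxRedirection())
                .andExpect(header().string("Location", startsWith("https://my-oidc-provider/oauth2/auth?")))
                .andExpect(header().string("Location", containsString("response_type=code")))
                .andExpect(header().string("Location", containsString("client_id=my-client-id")))
                .andExpect(header().string("Location", containsString("scope=openid")))
                .andExpect(header().string("Location", containsString("state=")))
                .andExpect(header().string("Location", containsString("nonce=")));
    }
}
```

Run it with the usual Maven or Gradle test task. The second test is the one worth keeping in a regression suite: a configuration that silently drops the openid scope (nonce disappears) or swaps in a custom OAuth2AuthorizationRequestResolver that forgets state will fail it before it reaches production.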
Asked: 2021-08-12 11:00:00 +0000
Seen: 8 times
Last updated: Oct 14 '21