OpenID Connect Relying Party in Structured Editor
This section describes how to set up IG as an OpenID Connect relying party in the structured editor of Studio. For more information, see "Using AM As a Single OpenID Connect Provider".
In IG Studio, create a route:
Go to http://openig.example.com:8080/openig/studio, and select Create a route.
Select Structured to use the structured editor.
Select Advanced options on the right, and create a route with the following options:
Base URI: http://app.example.com:8081
Condition: Path: /home/id_token
Name: 07-openid
Configure authentication:
Select Authentication.
Select OpenID Connect, and then select the following options:
Client Filter:
Client Endpoint: /home/id_token
Require HTTPS: Deselect this option
Client Registration:
Client ID: oidc_client
Client secret: password
Scopes: openid, profile, and email
Basic authentication: Select this option
Issuer:
Well-known Endpoint: http://openam.example.com:8088/openam/oauth2/.well-known/openid-configuration
Leave all other values as default.
On the top-right of the screen, select and Display to review the route.
The following route should be displayed:
{
  "name": "07-openid",
  "baseURI": "http://app.example.com:8081",
  "condition": "${matches(request.uri.path, '^/home/id_token')}",
  "heap": [
    {
      "name": "SystemAndEnvSecretStore-1",
      "type": "SystemAndEnvSecretStore"
    }
  ],
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "name": "OAuth2ClientFilter-1",
          "type": "OAuth2ClientFilter",
          "config": {
            "clientEndpoint": "/home/id_token",
            "failureHandler": {
              "type": "StaticResponseHandler",
              "config": {
                "status": 500,
                "headers": {
                  "Content-Type": [
                    "text/plain"
                  ]
                },
                "entity": "Error in OAuth 2.0 setup."
              }
            },
            "registrations": [
              {
                "name": "oidc-user-info-client",
                "type": "ClientRegistration",
                "config": {
                  "clientId": "oidc_client",
                  "clientSecretId": "oidc.secret.id",
                  "issuer": {
                    "name": "Issuer",
                    "type": "Issuer",
                    "config": {
                      "wellKnownEndpoint": "http://openam.example.com:8088/openam/oauth2/.well-known/openid-configuration"
                    }
                  },
                  "scopes": [
                    "openid",
                    "profile",
                    "email"
                  ],
                  "secretsProvider": "SystemAndEnvSecretStore-1",
                  "tokenEndpointAuthMethod": "client_secret_basic"
                }
              }
            ],
            "requireHttps": false,
            "cacheExpiration": "disabled"
          }
        }
      ],
      "handler": "ReverseProxyHandler"
    }
  }
}
Select Deploy to push the route to the IG configuration.
You can check the $HOME/.openig/config/routes folder to see that the route is there.
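The route above deselects Require HTTPS and reads the discovery document over plain HTTP, which suits a local test setup only. The following check is an added example, not part of the IG documentation or product: it audits a route's OAuth2ClientFilter settings before the route is reused elsewhere. The function name audit_route is hypothetical, and the embedded route is an abbreviated copy of the one displayed above.

```python
import json
from urllib.parse import urlparse

# Abbreviated copy of the route displayed above, embedded so the check runs offline.
ROUTE = json.loads("""
{"name": "07-openid",
 "condition": "${matches(request.uri.path, '^/home/id_token')}",
 "heap": [{"name": "SystemAndEnvSecretStore-1", "type": "SystemAndEnvSecretStore"}],
 "handler": {"type": "Chain", "config": {"handler": "ReverseProxyHandler", "filters": [
   {"name": "OAuth2ClientFilter-1", "type": "OAuth2ClientFilter", "config": {
     "clientEndpoint": "/home/id_token", "requireHttps": false,
     "registrations": [{"name": "oidc-user-info-client", "type": "ClientRegistration",
       "config": {"clientId": "oidc_client", "clientSecretId": "oidc.secret.id",
         "secretsProvider": "SystemAndEnvSecretStore-1",
         "issuer": {"type": "Issuer", "config": {"wellKnownEndpoint":
           "http://openam.example.com:8088/openam/oauth2/.well-known/openid-configuration"}}}}]}}]}}}
""")

def audit_route(route):
    """Return findings for every inline OAuth2ClientFilter in a Chain-based route."""
    findings = []
    heap_names = {obj.get("name") for obj in route.get("heap", [])}
    filters = route.get("handler", {}).get("config", {}).get("filters", [])
    for flt in filters:
        if not isinstance(flt, dict) or flt.get("type") != "OAuth2ClientFilter":
            continue  # skip other filter types and references to heap objects
        cfg = flt.get("config", {})
        if cfg.get("requireHttps") is False:
            findings.append(f"{flt.get('name')}: requireHttps is false")
        for reg in (r for r in cfg.get("registrations", []) if isinstance(r, dict)):
            rcfg = reg.get("config", {})
            issuer = rcfg.get("issuer")
            url = issuer.get("config", {}).get("wellKnownEndpoint", "") if isinstance(issuer, dict) else ""
            scheme = urlparse(url).scheme
            if url and scheme != "https":
                findings.append(f"{reg.get('name')}: discovery document fetched over {scheme}")
            provider = rcfg.get("secretsProvider")
            # Assumption: the provider is declared in this route's heap, as in the route above.
            if isinstance(provider, str) and provider not in heap_names:
                findings.append(f"{reg.get('name')}: secretsProvider '{provider}' not in route heap")
    return findings

if __name__ == "__main__":
    for finding in audit_route(ROUTE):
        print(finding)
```

To audit a deployed route, load its file from the $HOME/.openig/config/routes folder with json.load and pass the result to audit_route.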