Development #6982

Develop an OpenID Connect IdP

Added by Benjamin Dauvergne over 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
High
Category:
-
Target version:
Start date:
Due date:
% Done:

100%

Patch proposed:
No
Planning:
No

Description

The first target is the Authorization Code Flow which[1] matches more or less what we called an OAuth2 IdP before.

No refresh token should be produced.

Supported features:
  • id token signed with RSA key
  • auth_time in id token
  • max_age
  • prompt {none,login} for the ID token is not necessary for now.
  • display {page,popup}
  • OIC Metadata
  • RP initiated logout and end_session_endpoint in metadata

[1] Authentication using the Authorization Code Flow

Associated revisions

Revision da28c703 (diff)
Added by Benjamin Dauvergne almost 3 years ago

tests: add utils.logout (#6982)

Revision b5a1fb57 (diff)
Added by Benjamin Dauvergne almost 3 years ago

auth_oidc: convert timestamp to datetime in UTC timezone (#6982)

As fromtimestamp() converts timestamp to the local timezone if no timezone is
given, the make_aware call was naively converting a local datetime to a UTC and
timezone aware datetime.
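
The timezone bug described in the commit message for revision b5a1fb57, shown as an added example that is not code from that commit or from authentic2. Here `replace(tzinfo=...)` stands in for Django's `make_aware`, the timestamps and the POSIX TZ string `CET-1` (a fixed UTC+1 zone) are constructed, and applying the conversion to a token expiry time is an assumption, since the page does not say which timestamps were affected.

```python
import os
import time
from datetime import datetime, timezone


def buggy_to_utc(ts):
    # fromtimestamp() without tz returns a naive *local* wall-clock time;
    # labelling it UTC (stand-in for make_aware) moves the instant by the
    # host's UTC offset.
    return datetime.fromtimestamp(ts).replace(tzinfo=timezone.utc)


def fixed_to_utc(ts):
    # Passing tz converts the timestamp straight to an aware UTC datetime.
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def in_tz(posix_tz, func, *args):
    # Run func with the process timezone set to posix_tz (Unix only: tzset).
    old = os.environ.get("TZ")
    os.environ["TZ"] = posix_tz
    time.tzset()
    try:
        return func(*args)
    finally:
        if old is None:
            os.environ.pop("TZ", None)
        else:
            os.environ["TZ"] = old
        time.tzset()


# Constructed sample: a token that expired 30 minutes before "now".
NOW_TS = 1_500_000_000
EXP_TS = NOW_TS - 30 * 60


def check(posix_tz):
    now = fixed_to_utc(NOW_TS)
    buggy = in_tz(posix_tz, buggy_to_utc, EXP_TS)
    fixed = in_tz(posix_tz, fixed_to_utc, EXP_TS)
    return {"skew": buggy - fixed,
            "buggy_expired": now >= buggy,
            "fixed_expired": now >= fixed}


if __name__ == "__main__":
    for tz in ("UTC0", "CET-1"):  # CET-1 is POSIX syntax for a fixed UTC+1 zone
        print(tz, check(tz))
```

On a host running in UTC the two conversions agree, which is why tests pinned to UTC do not reveal the skew.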

Revision 5de2aeb6 (diff)
Added by Benjamin Dauvergne almost 3 years ago

tests: set HTTP_HOST to localhost instead of localhost:80 (#6982)

webob which is used by webtest returns localhost:80 when no HTTP_HOST is
explicitly set in HTTP requests.

Revision 46ee5559 (diff)
Added by Benjamin Dauvergne almost 3 years ago

utils: add time to authentication event in session (#6982)

Revision 59b97325 (diff)
Added by Benjamin Dauvergne almost 3 years ago

utils: add accessor for last authentication event in session (#6982)

Revision 5009b6eb (diff)
Added by Benjamin Dauvergne almost 3 years ago

add OpenID Connect IdP plugin (fixes #6982)

You must set a valid RSA JWK in a JWKSet in the setting key A2_IDP_OIDC_JWKSET
or only use HMAC signature for your clients.

Revision 7cf18eac (diff)
Added by Benjamin Dauvergne almost 3 years ago

authentic2_idp_oidc: add templates (#6982)

Revision b2633034 (diff)
Added by Benjamin Dauvergne almost 3 years ago

authentic2_idp_oidc: fix variable interpolation (#6982)

Revision 80b27063 (diff)
Added by Benjamin Dauvergne almost 3 years ago

authentic2_idp_oidc: remove openid scope when passing scopes to template (#6982)

Revision ccf22949 (diff)
Added by Benjamin Dauvergne almost 3 years ago

authentic2_idp_oidc: remove empty state from authorization response (#6982)

History

#1 Updated by Benjamin Dauvergne over 4 years ago

  • Description updated (diff)
  • Assignee set to Benjamin Dauvergne
  • Target version set to 2.2.0

#2 Updated by Benjamin Dauvergne about 4 years ago

  • Target version changed from 2.2.0 to future

#3 Updated by Pierre Cros over 3 years ago

  • Due date set to 30 Jun 2016

#4 Updated by Mikaël Ates over 3 years ago

Django OIDC provider (https://github.com/juanifioren/django-oidc-provider) may be a good start?
(Tested only for the SSO and logout profiles using the A2 FC FS plugin).

#5 Updated by Mikaël Ates over 3 years ago

  • Assignee changed from Benjamin Dauvergne to Mikaël Ates

#6 Updated by Mikaël Ates over 3 years ago

  • Target version changed from future to 2.2.0

#7 Updated by Benjamin Dauvergne almost 3 years ago

  • Subject changed from Start an OpenID Connect IdP to Develop an OpenID Connect IdP
  • Assignee changed from Mikaël Ates to Benjamin Dauvergne
  • Priority changed from Low to High

#8 Updated by Benjamin Dauvergne almost 3 years ago

  • Status changed from New to Resolved (to be deployed)

#9 Updated by Benjamin Dauvergne over 2 years ago

  • Status changed from Resolved (to be deployed) to Closed
