Category Archives: OpenID Connect

Released Connect2id server 1.2 for OpenID Connect SSO and IdP

Today we released version 1.2 of the Connect2id server for single sign-on (SSO) and identity federation based on the new OpenID Connect standard.

What’s in it:
http://connect2id.com/blog/connect2id-server-1.2

To download a copy:
http://connect2id.com/products/server/download

To test OpenID Connect login with the server online:
https://demo.nimbusds.com/oidc-client

What is OpenID Connect?

OpenID Connect is a new web standard for OAuth 2.0-based sign-on and identity provision. It was inspired by OAuth 2.0’s massive success and adoption (Facebook, Google, etc.) in recent years, helped by the protocol’s focus on ease of client app integration, a crucial factor for attracting social and consumer app developers in large numbers.

The OpenID Connect WG was formed a couple of years ago by experts in the field who understood OAuth 2.0’s potential, and set out to define a simple identity layer on top of it by coining a JSON-based identity token (JWT) and a UserInfo endpoint where client apps can retrieve consented profile information about the end-user. All this has been designed to mesh nicely with OAuth 2.0’s existing flows and tokens, while satisfying a wide range of applications in the social, consumer, and enterprise domains.

Why choose the Connect2id server?

  • We designed the Connect2id server with integration and customisation web APIs to fit the most demanding business needs. It enables plugging in arbitrary authentication and authorisation mechanisms as well as claims sources.
  • The server is engineered for 100% uptime, distributed operation within and across data-centres, and low operational costs.
  • Written in Java and based on leading open source products such as Infinispan datagrid and the Nimbus JOSE+JWT library.
  • We’re actively participating in the OpenID Connect, OAuth and JOSE work groups and are ready to provide customers with in-depth expertise on the subject matter. Our customers consistently appreciate our professional support and dedication as well as our no-nonsense sales approach.

The plans for our next release are outlined in the Connect2id server roadmap. But until we proceed with it we’re going to have a few days of well-deserved rest 🙂

The OpenID Connect standard is launched

OpenID Connect is an official standard as of today. The specification was approved after voting by the OpenID Foundation, and this marks the completion of the long and laborious process to design and specify a new single sign-on (SSO) protocol for the Internet based on the successful OAuth 2.0 framework.

We began development of an OpenID Connect server for enterprises in early 2012 and want to thank everyone on the Connect, OAuth and JOSE workgroups for contributing to the standard and providing us with guidance on the many questions that we faced as we worked on the SDK and the Connect2id server.

The official announcement can be read on the foundation’s website.

Online demo of our OpenID Connect client and server

Today we put up an online demo of the Connect2ID server along with a generic OpenID Connect client. With that we wish to show the capabilities of the new internet standard for single sign-on (SSO) based on the successful OAuth 2.0 framework. OpenID Connect is designed to sign users onto web as well as native apps and also provides a standard extensible schema for provisioning user details (called UserInfo) such as email, name and contact information to client applications.

The OpenID Connect 1.0 specification is expected to become final in spring of 2014. Around the same time we are preparing to release our Connect2ID server for business customers.


You can test the OpenID Connect login by going to https://demo.c2id.com/oidc-client.


Just click on “Login with OpenID Connect” and when you’re redirected to the IdP server enter “alice” + “secret” as credentials.


The consent screen will display which scope and claim values are requested, as well as the remembered values which the user has previously agreed to (agreement can also be implicit). The login page logic is built entirely in JavaScript, so its interaction with the Connect2ID server integration APIs can be examined by testers and developers. A production login page will of course have this logic in the backend and can have a different UI design for obtaining the user’s credentials and consent. The server API also enables integration of arbitrary authentication factors, such as hardware tokens or biometrics.


Upon returning to the OpenID Connect client you should see the process of decoding the authentication response, making the token request, verifying the ID token and extracting its content, and finally the UserInfo request being made. The client was built with our open source OAuth 2.0 SDK with OpenID Connect extensions.

The demo Connect2ID server is set to remember user sessions for 15 minutes, so if you come back to it within that time you will be redirected straight to the consent form.

The OpenID Connect client also has two other tabs, “Provider details” and “Client details”, where you can configure it to speak to another public OpenID Connect server (IdP). We intend to add more OpenID Connect request options to the client UI in future.

OpenID Connect – How to take back our personal identity on the web

The slides from my presentation at PlovdivConf 2013, where I talked about the problems of authentication on the internet today and how the new OpenID Connect protocol opens a path to resolving them in the future, by means of the Discovery/WebFinger and Self-Issued features.


OpenID-Connect-Identity-Slides [OpenOffice presentation]

OpenID-Connect-Identity-Slides [PDF]