NOTE: This solution is not used anymore. Elexis-Environment (EE) uses Keycloak as integrated service.
This overlay creates a MITREid Connect web-application configured for usage with an Elexis database.
The webapp requires the file elexis-connection.xml to exist in the user home's elexis-server directory.
- Use the Elexis-Database configured via
elexis-connection.xmlas user repository. - Use H2 as OpenID Database, and persist the database to
~/elexis-server/openid - Enable Resource Owner Credentials aka password flow
- Programmatically initialize the OpenID database
- Insert the required systems scopes
- Add an introspection client for Elexis-Server
- On startup with
-Dopenid.unit-test=trueadd a unit-test client supporting password grant type - Read the mainContact to show in the web-interface from the Elexis database
- Implement 2-factor-authentication using TOTP
- Hardcode base tag in header.tag to /openid/
- Dynamic issuer resolution according to hostname (can be manually overriden with the
openid.issuerparameter) - Ready for >= Java 11 (include missing JAXB libraries)
- Prevent totp brute-force attacks if password is known
- Is the user allowed to request a specific scope? mitreid-connect/OpenID-Connect-Java-Spring-Server#351
- Remove unit-test-client on shutdown
- https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/API
- mitreid-connect/OpenID-Connect-Java-Spring-Server#1309
- mitreid-connect/OpenID-Connect-Java-Spring-Server#1213
- mitreid-connect/OpenID-Connect-Java-Spring-Server#1220
- http://www.baeldung.com/spring-security-two-factor-authentication-with-soft-token
Run mvn package to generate the overlay openid.war
From https://github.com/iipc/openwayback-sample-overlay
- mvn jetty:run-war to start an instance of Jetty for testing