MITREid Connect Client Library

MITREid Connect is an open source OpenID Connect Implementation in java for the Spring Framework, with a client library implemented as a servlet filter. This guide will integrate the example application of the client library, with Curity Identity Server.


To follow this guide you need a few developer tools

  • Git
  • Maven
  • Java 8 JDK
  • The JDK need to trust the certificate of Curity Identity Server


This guide assumes that a OAuth profile with the issuer https://localhost:8443/oauth/v2/anonymous is setup and OpenID Connect Metadata needs to be enabled.

Create configuration for OIDC App

Listing 329 Clone sample application
    admin@localhost% edit profiles profile oauth2 oauth-service settings authorization-server client-store config-backed client mitreid
    [ok][2017-08-23 07:43:18]

    admin@localhost% set scope openid
    [ok][2017-08-23 07:44:32]

    admin@localhost% set capabilities code
    [ok][2017-08-23 07:44:37]

    admin@localhost% set secret !QAZxsw2
    [ok][2017-08-23 07:46:04]

    admin@localhost% set redirect-uris http://localhost:8080/openid_connect_login
    [ok][2017-08-23 07:48:23]

    admin@localhost% commit
    Commit complete.
    [ok][2017-08-23 07:49:14]

Checkout the Sample Application

Listing 330 Clone sample application git clone

Add Curity Identity Server as a trusted issuer

Edit the servlet context src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml. Find the StaticClientConfigurationService bean, and add a client to the clients map.

Listing 331 Static client configuration
     <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
       <property name="clients">
           <entry key="https://localhost:8443/oauth/v2/anonymous">
             <bean class="org.mitre.oauth2.model.RegisteredClient">
               <property name="clientId" value="mitreid"/>
               <property name="clientSecret" value="!QAZxsw2"/>
               <property name="scope">
                 <set value-type="java.lang.String">
               <property name="tokenEndpointAuthMethod" value="SECRET_BASIC"/>
               <property name="redirectUris">

This configuration adds a client that will use the credentials provided, and will ask Curity Identity Server for the scope openid.

Run the sample app

Listing 332 Build and run the sample app
     mvn jetty:run -Dorg.eclipse.jetty.annotations.maxWait=320

It takes a while to start, wait until [INFO] Started ServerConnector@123307c4{HTTP/1.1}{} turns up.

To test the application, access http://localhost:8080/_ in a browser and press Log In.


You will be presented by a form where you should enter the issuer, https://localhost:8443/oauth/v2/anonymous.

You should be redirected to Curity Identity Server to log in using an existing authenticator, and then be redirected to the sample
web app, with a logged in state.