Connect2id server deployment checklist

These are the minimum steps required to set up a Connect2id server:

  1. Generate a new set of JSON Web Keys (JWKs), which the Connect2id server requires to cryptographically secure the issued tokens and other artifacts.

  2. Set the issuer URL that is going to identify the Connect2id server as an OpenID provider and OAuth 2.0 authorisation server.

  3. Set the URL of the login page for your Connect2id server.

  4. Generate the random strings for the master tokens for the following Connect2id server web APIs:

  5. Set up an LDAP directory for the Connect2id server to persist its own data (client registrations and long-lived authorisations) according to these instructions.

  6. Provide the details of your claims source(s) for the OpenID Connect UserInfo. The Connect2id server provides a ready connector for sourcing user details from an LDAP directory. If you intend to use a different source, you can implement your own connector.

  7. If you're going to deploy the Connect2id server in the cloud, adjust the Infinispan configuration accordingly (e.g. for AWS S3-based discovery).
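
For step 4, one way to generate the master tokens, as an added example that is not part of the Connect2id documentation: each token is drawn independently from the OS CSPRNG, and the set is checked for short or reused values before it goes into configuration. The API labels are placeholders, since the list of APIs is not given above, and the 32-byte token size is an assumption of this example, not a stated Connect2id requirement.

```python
import secrets

# Placeholder labels (assumption): substitute the web APIs of your deployment.
API_LABELS = ["api-1", "api-2", "api-3"]

MIN_BYTES = 32   # assumption of this example: 256 bits of randomness per token
MIN_CHARS = 43   # length of 32 random bytes once base64url-encoded, unpadded


def generate_master_tokens(labels, n_bytes=MIN_BYTES):
    """Return {label: token}, one independent CSPRNG token per API."""
    if n_bytes < MIN_BYTES:
        raise ValueError(f"use at least {MIN_BYTES} random bytes per token")
    if len(set(labels)) != len(labels):
        raise ValueError("duplicate API label")
    # token_urlsafe() base64url-encodes n_bytes read from os.urandom, so the
    # result can be pasted into a configuration file or an HTTP header as is.
    return {label: secrets.token_urlsafe(n_bytes) for label in labels}


def check_tokens(tokens, min_chars=MIN_CHARS):
    """Return a list of problems; an empty list means the set is usable."""
    problems = []
    for label, token in tokens.items():
        if len(token) < min_chars:
            problems.append(f"{label}: token shorter than {min_chars} characters")
    values = list(tokens.values())
    if len(set(values)) != len(values):
        # One leaked token must not unlock a second API.
        problems.append("same token used for more than one API")
    return problems


if __name__ == "__main__":
    tokens = generate_master_tokens(API_LABELS)
    issues = check_tokens(tokens)
    if issues:
        raise SystemExit("\n".join(issues))
    # Print only the labels and lengths, so the secrets stay out of logs.
    for label, token in tokens.items():
        print(f"{label}: generated {len(token)}-character token")
```

The check also works on tokens carried over from an existing configuration, which is where hand-typed or copied values tend to show up.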