How to evaluate the Connect2id server at a host other than localhost

Out of the box, the Connect2id server package is configured for localhost (IP 127.0.0.1) operation, meaning both the OpenID provider and the test client are set up for use from the same local host.

To set up the server for client access from other hosts, follow the instructions below. The configuration snippets use two placeholders:

  • Replace [client-host] with the host name or IP address where the Tomcat container with the oidc-client OpenID Connect client application is deployed, e.g. 192.168.100.1.

  • Replace [server-host] with the host name or IP address where the Tomcat container with the c2id, c2id-login-page-js, password-grant-handler and ldapauth services is deployed, e.g. 192.168.100.2.

Note that for this evaluation set-up you don’t need to provision Tomcat with an SSL certificate; all the endpoint URLs below use plain HTTP.

1. Server-side configuration

1.1 Change the registration details of the test OpenID Connect client

Use your favourite LDAP tool to change the registered callback (redirect) URL of the sample client to:

oauthRedirectURI: http://[client-host]:8080/oidc-client/cb

The admin credentials for the LDAP server are:

  • DN: cn=Directory Manager
  • Password: secret

The sample client registration is located at:

  • DN: oauthClientID=000123,ou=clients,dc=wonderland,dc=net

1.2 Configure the Connect2id server

Edit tomcat/webapps/c2id/WEB-INF/oidcProvider.properties:

# The OpenID provider identifier
op.issuer = http://[server-host]:8080/c2id

# The OAuth authorisation endpoint
op.authz.endpoint = http://[server-host]:8080/c2id-login-page-js

Restart the application for the changes to take effect.

1.3 Configure the sample login page

Edit tomcat/webapps/c2id-login-page-js/js/main.js:

authzSession.baseURL   = "http://[server-host]:8080/c2id/authz-sessions/rest/v1";
subjectSession.baseURL = "http://[server-host]:8080/c2id/session-store/rest/v1";
ldapAuth.url           = "http://[server-host]:8080/ldapauth/";

Restart the application for the changes to take effect.

2. Client-side configuration

2.1 Configure the test OpenID Connect client

Edit tomcat/webapps/oidc-client/WEB-INF/client.properties:

# The default OpenID Connect Provider (OP) properties #
op.iss = http://[server-host]:8080/c2id
op.jwks_uri = http://[server-host]:8080/c2id/jwks.json
op.authz_uri = http://[server-host]:8080/c2id-login-page-js
op.token_uri = http://[server-host]:8080/c2id/token
op.userinfo_uri = http://[server-host]:8080/c2id/userinfo

# The default OpenID Connect Client (RP) properties #
rp.client_id = 000123
rp.client_secret = 7wKJNYFaKKg4FxUdi8_R75GGYsiWezvAbcdN1uSumE4
rp.redirect_uri = http://[client-host]:8080/oidc-client/cb

Restart the application for the changes to take effect.
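The settings in sections 1 and 2 must agree with each other (the client's op.iss must equal the provider's op.issuer, and rp.redirect_uri must equal the oauthRedirectURI registered in LDAP), otherwise the ID token issuer check or the redirect URI check fails. The following Python script is an added example, not part of the Connect2id distribution: it fills in the two placeholders and cross-checks the resulting values; the file contents it works on are constructed from the snippets in this guide.

```python
# Added example, not part of the Connect2id distribution: fills in the guide's
# [server-host]/[client-host] placeholders and cross-checks that the OP, RP and
# LDAP settings agree. The templates are constructed from this guide's snippets.
SERVER_HOST, CLIENT_HOST = "192.168.100.2", "192.168.100.1"  # hosts from the guide
OP_PROPS_TEMPLATE = """\
# The OpenID provider identifier
op.issuer = http://[server-host]:8080/c2id
# The OAuth authorisation endpoint
op.authz.endpoint = http://[server-host]:8080/c2id-login-page-js
"""
RP_PROPS_TEMPLATE = """\
op.iss = http://[server-host]:8080/c2id
op.authz_uri = http://[server-host]:8080/c2id-login-page-js
rp.redirect_uri = http://[client-host]:8080/oidc-client/cb
"""
LDAP_REDIRECT_URI = "http://[client-host]:8080/oidc-client/cb"  # oauthRedirectURI

def fill_hosts(text, server_host=SERVER_HOST, client_host=CLIENT_HOST):
    """Replace the guide's bracketed placeholders with the real hosts."""
    return text.replace("[server-host]", server_host).replace("[client-host]", client_host)

def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comments, 'key = value'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_consistency(op_props, rp_props, ldap_redirect_uri):
    """Return the list of mismatches; an empty list means the set-up agrees."""
    problems = []
    if rp_props.get("op.iss") != op_props.get("op.issuer"):
        problems.append("rp op.iss != op.issuer (ID token 'iss' check will fail)")
    if rp_props.get("op.authz_uri") != op_props.get("op.authz.endpoint"):
        problems.append("rp op.authz_uri != op.authz.endpoint")
    if rp_props.get("rp.redirect_uri") != ldap_redirect_uri:
        problems.append("rp.redirect_uri != registered oauthRedirectURI")
    for key, value in list(op_props.items()) + list(rp_props.items()):
        if "[" in value:
            problems.append(f"{key} still contains an unfilled placeholder")
    return problems

def validate(server_host=SERVER_HOST, client_host=CLIENT_HOST, ldap_redirect_uri=LDAP_REDIRECT_URI):
    """Fill the templates for the given hosts and cross-check them."""
    op = parse_properties(fill_hosts(OP_PROPS_TEMPLATE, server_host, client_host))
    rp = parse_properties(fill_hosts(RP_PROPS_TEMPLATE, server_host, client_host))
    return check_consistency(op, rp, fill_hosts(ldap_redirect_uri, server_host, client_host))
```

Passing a stale LDAP value (for example the original localhost callback) to validate() reproduces the redirect URI mismatch that results when step 1.1 is skipped.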