-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathbasic.html
96 lines (79 loc) · 3.83 KB
/
basic.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Copyright 2013-2017 ForgeRock AS. All Rights Reserved
Use of this code requires a commercial software license with ForgeRock AS.
or with one of its affiliates. All use shall be exclusively subject
to such license between the licensee and ForgeRock AS.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>OpenID Connect Basic Client Profile</title>
<link rel="shortcut icon" href="http://forgerock.com/favicon.ico">
<link type="text/css" rel="stylesheet" href="style.css">
<script type="text/javascript"
src="///code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript" src="common.js"></script>
<script type="text/javascript" src="basic.js"></script>
</head>
<body>
<div>
<a href="http://openam.forgerock.org/">
<img src="forgerock-logo.svg" width="131" height="83" align="right" alt="ForgeRock Logo">
</a>
</div>
<h3>Basic Client Profile Start Page</h3>
<p>Try OpenAM as an OpenID Connect provider using the
<a href="http://openid.net/specs/openid-connect-basic-1_0.html"
target="_blank">Basic Client Profile</a>.</p>
<p>OpenID Connect Basic Client Profile 1.0 is designed for web-based
relying parties that use the OAuth 2.0 Authorization Code grant type.
This grant type makes it possible for the client to get the access code
by using the authorization code directly, without passing through the end
user's browser. To protect its client secret (password), part of the
client must run on the server.</p>
<p>Note: This example is not designed to protect the client secret, but
instead to show the results at each step in the process.</p>
<div id="config"></div>
<p><a id="link" href="#">Start authorization</a></p>
<script type="text/javascript">
var authRequestParameters = {
"response_type": "code",
"client_id": client_id,
"realm": client_realm,
"scope": "openid profile",
"redirect_uri": redirect_uri,
"state": state
};
var url = server + openam + authorize + "?"
+ encodeQueryData(authRequestParameters);
$("#link").attr("href", url);
$("#config").html(
"<hr>"
+ "<h3>Prerequisite Configuration</h3>"
+ "<p>OpenAM should be running and configured as an "
+ "OpenID Connect Provider in the same container as this "
+ "application.</p>"
+ "<p>Current settings in <code>basic.js</code>:</p>"
+ "<table style='width: 100%; font-family: monospace'>"
+ "<tr><td>OpenAM URI</td><td>" + openam + "</td></tr>"
+ "<tr><td>client_id</td><td>" + client_id + "</td></tr>"
+ "<tr><td>client_secret</td><td>" + client_secret + "</td></tr>"
+ "<tr><td>realm</td><td>" + client_realm + "</td></tr>"
+ "<tr><td>redirect_uri</td><td>" + redirect_uri + "</td></tr>"
+ "</table>"
+ "<p>In OpenAM, create an OAuth 2.0 agent using the "
+ "<code>client_id</code>, <code>client_secret</code>, "
+ "and <code>redirect_uri</code>, and then edit the "
+ "configuration to add the scopes \"openid\" and "
+ "\"profile\".</p>"
+ "<p>Furthermore, set ID Token Signed Response Algorithm "
+ "to <code>HS256</code>.</p>"
+ "<p>After you have configured everything, log out of "
+ "OpenAM. Then click the link to start the authorization "
+ "process.</p>"
);
</script>
</body>
</html>