An IdP for OpenConext. A user can create and manage his own identity. Authentication uses a magic-link by default, and FIDO2 or a password can be added later.
- Java 8
- Maven 3
- MongoDB 3.4.x
- Yarn 1.x
- NodeJS
- Ansible
This project uses Spring Boot and Maven. To run locally, type:
cd myconext-server
mvn spring-boot:run -Dspring-boot.run.profiles=dev
When developing, it's convenient to just execute the applications main-method, which is in Application. Don't forget to set the active profile to dev.
The myconext client is build with Svetle and to get initially started:
cd account-gui
yarn install
yarn dev
Browse to the application homepage.
The IdP is also build with Svelte and to get initially started:
cd myconext-gui
yarn install
yarn start
There is no home page, you'll need to visit a SP and choose eduID to login.
To deploy production bundles
mvn deploy
The myconext application uses a private RSA key and corresponding certificate to sign the SAML requests. We don't want to provide defaults, so in the integration tests the key / certificate pair is generated on the fly. if you want to deploy the application in an environment where the certificate needs to be registered with the Service Provider (Proxy) then you can generate a key pair with the following commands:
cd myconext/myconext-server/src/main/resources
openssl genrsa -out myconext.pem 2048
openssl req -subj '/O=Organization, CN=OIDC/' -key myconext.pem -new -x509 -days 365 -out myconext.crt
Add the key pair to the application.yml file:
private_key_path: classpath:/myconext.pem
certificate_path: classpath:/myconext.crt
If you need to register the public key in EB then issue this command and copy & paste it in Manage for the correct IdP:
cat myconext.crt |ghead -n -1 |tail -n +2 | tr -d '\n'; echo
To get an overview of the git source file's:
cloc --read-lang-def=cloc_definitions.txt --vcs=git
It's possible to migrate from an existing IdP to this IdP. A new identity will be created, and the eppn wil be copied.
curl -u oidcng:secret "http://login.test2.eduid.nl/myconext/api/attribute-manipulation?sp_entity_id=https://test.okke&uid=0eaa7fb2-4f94-476f-b3f6-c8dfc4115a87&sp_institution_guid=null"
curl -u aa:secret "https://login.test2.eduid.nl/myconext/api/attribute-aggregation?sp_entity_id=https://mijn.test2.eduid.nl/shibboleth&[email protected]"
Endpoint to detect duplicate eduID's for SP's that have the same institutionGuid
curl -u aa:secret 'https://login.test2.eduid.nl/myconext/api/system/eduid-duplicates' | jq .