Skip to content
Justin Richer edited this page Jan 7, 2020 · 64 revisions

MITREid Connect is a reference implementation of the OpenID Connect protocol server and client, built on the Java, Spring, and Spring Security platforms. Java API documentation and a technical overview for the current stable version (generated by the Maven Site plugin) is available at http://mitreid-connect.github.com/.

The current stable release is 1.3.3. Development of this series is currently tracked on the 1.3.x branch. Production systems should use this branch. To upgrade from previous release series, see instructions at Upgrading.

The current legacy release is 1.2.6. Only major security changes that are completely backwards compatible are ported to this branch, no new features are planned or anticipated. Development of this is currently tracked on the 1.2.x branch.

The 1.1, 1.0, and 0.9 release series are no longer supported and upgrade is strongly recommended.

The current development branch is the master branch. Developers should work against this branch. In general, backwards compatibility and data model stability are not guaranteed until release. At the current time, this is tracked to the 1.3.x branch, but it will be forked at some point in the future.

With the exception of the current development branch, the data model and schema for each major release branch remains stable over time.

Project Information

Development

Clients

Protected Resources

  • Token Introspecting Filter, uses Token Introspection to configure a protected resources that can accept tokens from a remote authorization server

Servers

  • Server Configuration, how to configure the MITREid Connect server
  • Server API, RESTful API for managing clients, scopes, whitelists, blacklists, approvals, and tokens
  • Language Files, configurations for overriding display text for custom deployments or translations
  • Clustering, considerations for managing the server as a cluster

Related Github projects

There are several related projects under the MITREid Connect umbrella, including:

  • simple-web-app A simple application that shows how to integrate the client filters in a Spring Security application.
  • example-openid-connect-overlay A simple server that shows how to build an overlay of the server for custom deployments.
  • account-chooser A JavaScript and HTML5 application that makes it easy for users to select between multiple issuers.
  • json-web-key-generator A Java application that generates public and private keys in the JSON Web Key format, used by both the server and client components. It is important for real deployments to have their own key.