Pentaho OpenID Connect integration

user2486147

I have to integrate an OpenID Connect authentication provider into Pentaho.

Currently, I am referring to the URL below for this:

https://bitbucket.org/secureops/sops-pentaho

The above link targets only third-party OpenID providers (Gmail, Yahoo, Facebook and so on), but in my requirement the client has an SSO authentication provider implemented in IdentityServer3. I tried the OpenId4Java APIs, which are used internally in the above link, to consume the client endpoints, but it fails with the following exception:

org.openid4java.consumer.ConsumerException: 0xa00: Authentication cannot continue: no discovery information provided.

It seems that whatever OpenID provider it is connecting to, it expects an XRDS-style discoverable document like the one below to be returned as the response; if it doesn't find one, it gives the above exception.

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://specs.openid.net/extensions/pape/1.0</Type>
      <Type>http://openid.net/srv/ax/1.0</Type>
      <Type>http://specs.openid.net/extensions/oauth/1.0</Type>
      <Type>http://specs.openid.net/extensions/ui/1.0/lang-pref</Type>
      <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
      <Type>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier</Type>
      <Type>http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf</Type>
      <Type>http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf</Type>
      <Type>http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf</Type>
      <URI>https://open.login.yahooapis.com/openid/op/auth</URI>
    </Service>
  </XRD>
</xrds:XRDS>

But the IdentityServer3 OpenID provider doesn't implement a service that provides XRDS files like the one shown above.

Any idea how to resolve this? I have searched but didn't find anything to solve this issue.

I have also tried the https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server API, but the problem is that these APIs use an advanced version of the Spring libraries and Pentaho uses a very old one, so library incompatibility issues arise.

Please suggest any ideas to resolve the above issue, or suggest any other approach.

I really appreciate your help.

oauth-2.0 pentaho openid-connect

Answers

answered 3 years ago Hans Z. #1

There's a big difference between the original OpenID (1.0, 2.0) and the more recent OpenID Connect protocol. The Pentaho link that you provide points to OpenID 2.0 documentation. IdentityServer3 (and Google for that matter) only support OpenID Connect so you can't follow that documentation. I don't think Pentaho supports standards-based OpenID Connect yet.
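The following added example is not part of the original question or answer, and is not code from Pentaho, openid4java or IdentityServer3. It classifies a discovery response as OpenID 2.0 (an XRDS document like the one in the question) or OpenID Connect (JSON metadata, which the OpenID Connect Discovery specification places at `/.well-known/openid-configuration`), which makes the protocol mismatch described in the answer visible before any library is wired in. The function name `classify_discovery`, the `idp.example.test` URLs and the sample bodies are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"  # default namespace of the XRDS document in the question
OPENID2_TYPES = {"http://specs.openid.net/auth/2.0/" + t for t in ("server", "signon")}
OIDC_REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri")

def classify_discovery(body, expected_issuer=None):
    """Return (protocol, detail) for the body of a discovery response."""
    text = body.strip()
    if text.startswith("{"):  # OpenID Connect provider metadata is JSON
        try:
            meta = json.loads(text)
        except ValueError:
            return ("unknown", "invalid JSON")
        missing = [k for k in OIDC_REQUIRED if k not in meta]
        if missing:
            return ("unknown", "missing " + ",".join(missing))
        if expected_issuer is not None and meta["issuer"] != expected_issuer:
            return ("unknown", "issuer mismatch")  # metadata must name the queried issuer
        return ("openid-connect", meta["authorization_endpoint"])
    if "<!DOCTYPE" in text or "<!ENTITY" in text:  # refuse DTDs from untrusted hosts
        return ("unknown", "DTD not allowed")
    try:
        root = ET.fromstring(text.encode("utf-8"))
    except ET.ParseError:
        return ("unknown", "not XRDS or JSON")
    for svc in root.iter(XRD + "Service"):
        types = {c.text.strip() for c in svc if c.tag == XRD + "Type" and c.text}
        uris = [c.text.strip() for c in svc if c.tag == XRD + "URI" and c.text]
        if types & OPENID2_TYPES and uris:
            return ("openid-2.0", uris[0])
    return ("unknown", "no OpenID 2.0 service element")

# Constructed samples: the XRDS is trimmed from the question, the JSON issuer is a placeholder.
XRDS_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service priority="0">
    <Type>http://specs.openid.net/auth/2.0/server</Type>
    <URI>https://open.login.yahooapis.com/openid/op/auth</URI>
  </Service></XRD></xrds:XRDS>"""
OIDC_SAMPLE = json.dumps({
    "issuer": "https://idp.example.test/core",
    "authorization_endpoint": "https://idp.example.test/core/connect/authorize",
    "jwks_uri": "https://idp.example.test/core/jwks",
})

if __name__ == "__main__":
    print(classify_discovery(XRDS_SAMPLE), classify_discovery(OIDC_SAMPLE))
```

A result of `openid-connect` or `unknown` for the provider's discovery URL means an OpenID 2.0 consumer has no XRDS service entry to work from.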
