+

Search Tips   |   Advanced Search

Authenticating a user

OpenID Connect provider supports traditional Java Platform, Enterprise Edition (J2EE) FormLogin for user authentication.

We can customize the login form, see

OpenID Connect custom forms.

The OpenID Connect provider can be configured to support other authentication methods.


OpenId Connect provider delegates user authentication to third-party authentication service

If we configure Trust Association Interceptor (TAI) to intercept a request to an OpenID Connect authorization endpoint (/oidc/<provider name>/authorize), the login form is not presented, and the user authentication is performed by the configured TAI.


OpenId Connect provider authenticates user with HTTP Basic Authentication

If we want an OpenID Connect provider to authenticate a user with HTTP Basic Authentication, the openid connect autorization request must include a user id and password as defined in the Basic Authentication Scheme.


OpenID Connect provider authenticates user with a client certificate

If we want an OpenID Connect provider to authenticate a user with a client certificate, we need to explicitly add the attribute certAuthentication=true inside the oauthProvider configuration element referenced by the openidConnectProvider configuration, and the user agent must be able to provide a client certificate for an OpenID Connect authorization request.


Parent topic:

Configure an OpenID Connect Provider