Comments (9)
Currently, yes -- nobody's implemented a configuration switch to cut out functionality.
from openid-connect-java-spring-server.
If what people really want is a configuration switch in the core project to disable dynamic registration, then we should provide that and track it under a different issue. Even if we do implement that, it will remain on by default.
We are in a position where we want to disable the dynamic registration. Is overlaying the registration endpoint still the way to go?
from openid-connect-java-spring-server.
Hi,
I want to apply restriction that only pre-approved client can access the server for authentication.
Is it possible to disable Dynamic Client Registration?
Regards,
Kaival
from openid-connect-java-spring-server.
Not easily and not through configuration -- you would need to unmap the endpoint controller, which you could do with an overlay of the appropriate class. You can, however, restrict all of your valid scopes such that dynamically registered clients can't ask for them.
from openid-connect-java-spring-server.
Hi Justin,
Thanks for your reply, I have done the following changes to restrict dynamic configuration,
Commented 'registration_endpoint' in DiscoveryEndpoint.java
Commented '@RequestMapping(value = DynamicClientRegistrationEndpoint.URL)' annotation in DynamicClientRegistrationEndpoint.java
This will helps, if any service provider already knows the registration endpoint?
Can you please guide me, If I am doing anything wrong? or anything else I require to do?
Thanks & Regards,
Kaival
from openid-connect-java-spring-server.
Those changes should be the only two required. Even if someone guesses the registration URL, it shouldn't be getting served. You might want to also comment out the @Controller
annotation in the DynamicClientRegistrationEndpoint as well, just to be sure.
from openid-connect-java-spring-server.
@jricher ,I saw you mentioned in this post that we can disable dynamic client registrations by overlay. Which class should I overlay to disable DynamicClientRegistraton? (I tried to overlay DynamicClientRegistrationEndpoint (by extending it) and overriding registerClient and throw exception but I am getting ambiguous bean name exceptions). I understand the way @pkaival did it but I would like to do it with overlay.
Thanks
Mallik
from openid-connect-java-spring-server.
You can do it like the above in an overlay. Overlay the registration endpoint and replace it with an empty class (or just exclude it from the overlay in the first place). Taking out the rest of the information above will help as well, and each of those steps can be done in an overlay. At this point, though, the overlay is increasingly invasive.
If what people really want is a configuration switch in the core project to disable dynamic registration, then we should provide that and track it under a different issue. Even if we do implement that, it will remain on by default.
from openid-connect-java-spring-server.
Currently, I can't read ClientConfiguration. I use client_credentials of grant type to get token. After that use token to get ClientConfiguration via .../register/ but it throw access denied because it was reject by filter ROLE_CLIENT.
from openid-connect-java-spring-server.
Related Issues (20)
- Email case in-sensitive HOT 2
- Incorrect link in documentation
- Missing dependency in OpenID Connect Common, incorrect JaCoCO version and Wro4j Maven plugin exception HOT 2
- Compilation issue HOT 1
- Authentication with Client Secret Basic and Client Secret POST are interchangeable HOT 1
- What version UMA is being currently implemented? 2.0 or 1.0 HOT 1
- Version 1.3.5 not published HOT 1
- Build failure on Java11+ HOT 2
- CVE in openid-connect-client HOT 2
- Obsolete Dependency in Use (Log4j 1.2.x)
- Several CVE's in Trivy analysis
- Error when building whith maven HOT 1
- OpenID Connect with OpenLDAP HOT 4
- Consuming restful api in spring mvc application with a token obtained directly from IDP
- (SomeBody please reply for this, it urgent) It have any code to generate a Verifiable Credential HOT 1
- Problem connecting the LDAP Overlay whith Moodle
- Regarding upgrades & other related supportability of this repo HOT 1
- OIDC certication website: No client configuration found for issuer HOT 1
- BCrypt password encoder not working due to Spring 4
- PKCE code verifier does not respect the RFC 7636
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openid-connect-java-spring-server.