Authenticating a user
OpenID Connect provider supports traditional Java™ Platform, Enterprise Edition (J2EE) FormLogin for user authentication.
You can customize the login form; see OpenID Connect custom forms.
The OpenID Connect provider can be configured to support other authentication methods.
OpenID Connect provider delegates user authentication to a third-party authentication service
If you configure Trust Association Interceptor (TAI) to intercept a request to an OpenID Connect
authorization endpoint (/oidc/<provider name>/authorize), the login form is not presented, and the
user authentication is performed by the configured TAI.
OpenID Connect provider authenticates user with HTTP Basic Authentication
If you want an OpenID Connect provider to authenticate a user with HTTP Basic Authentication, the
OpenID Connect authorization request must include a user ID and password as defined in the Basic
Authentication Scheme.
OpenID Connect provider authenticates user with a client certificate
If you want an OpenID Connect provider to authenticate a user with a client certificate, you need
to explicitly add the attribute certAuthentication=true inside the oauthProvider configuration
element that is referenced by the openidConnectProvider configuration, and the user agent must be
able to provide a client certificate for an OpenID Connect authorization request.
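The following server.xml fragment is an added example, not part of the original page. It shows the certAuthentication attribute on the oauthProvider element that the openidConnectProvider references, together with a TLS configuration that asks the user agent for a certificate. All ids, file names, variables, and the sample client are placeholders, and the ssl settings are an assumption about how the server requests client certificates.

```xml
<server>
    <featureManager>
        <feature>openidConnectServer-1.0</feature>
        <feature>ssl-1.0</feature>
    </featureManager>

    <!-- Placeholder key and trust stores. The trust store must contain the CA
         (or the individual certificates) that issued the users' client certificates. -->
    <keyStore id="defaultKeyStore" location="key.p12" password="${keystore.password}" />
    <keyStore id="defaultTrustStore" location="trust.p12" password="${truststore.password}" />

    <!-- Assumption: clientAuthenticationSupported="true" makes the server request a
         client certificate during the TLS handshake. Without a request from the server,
         the user agent never presents a certificate and certAuthentication has nothing
         to evaluate. -->
    <ssl id="defaultSSLConfig"
         keyStoreRef="defaultKeyStore"
         trustStoreRef="defaultTrustStore"
         clientAuthenticationSupported="true" />

    <!-- The OpenID Connect provider points at the OAuth provider by id. -->
    <openidConnectProvider id="SampleOP" oauthProviderRef="SampleOAuth" />

    <!-- certAuthentication must be set here, on the referenced oauthProvider,
         not on the openidConnectProvider element. -->
    <oauthProvider id="SampleOAuth" certAuthentication="true">
        <localStore>
            <!-- Placeholder relying party registration. -->
            <client name="sample-rp"
                    secret="${rp.client.secret}"
                    redirect="https://rp.example.com/callback"
                    scope="openid profile"
                    enabled="true" />
        </localStore>
    </oauthProvider>

    <!-- The subject of the presented certificate must map to a user in the
         configured user registry (registry configuration not shown). -->
</server>
```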
OpenID Connect provider delegates user authentication to a third-party OpenID Connect provider
You can configure an OpenID Connect provider to delegate user authentication to a third-party
OpenID Connect provider. To enable this authentication delegation, you configure the OP as an OpenID
Connect relying party. Optionally, you can add an authentication filter to limit the
openIDConnectClient-1.0 feature to protect an OpenID Connect authorization endpoint
(/oidc/<provider name>/authorize) only.