Example: Set up Gluu as an Identity Provider

Inrupt's Solid OpenID Connect (OIDC) Broker Service provides a compatibility layer between Solid, which identifies users with a WebID, and traditional OpenID Connect (OIDC) applications, which identify users with strings. The Solid OIDC Broker Service allows a Solid user to log in with any existing OIDC-compliant identity provider.

Bundled with the Solid OIDC Broker Service deployment is an install script that deploys a Gluu Identity Server inside Kubernetes.
A. Install Gluu Identity Server (Linux)

Inrupt's Solid OIDC Broker download file includes a script to download and install Gluu Identity Server inside Minikube.

Important

Linux Only. The provided installation script is for Linux only. For other operating systems, refer to the official Gluu Installation Guide.

Development/Testing Only. The following instructions are for development/testing deployments only. Do not use them for production. For production, use the official Gluu Kubernetes documentation.

Prerequisite

The script uses jq. Install jq if you do not have it installed.
Download and Install

To download and install Gluu Identity Server for your development/testing deployment on Linux:

1. Go to the gluu directory:

       cd ${OIDC_RELEASE_DIR}/deployment/kubernetes/minikube/gluu

2. Copy the settings.json.sample file to settings.json:

       cp settings.json.sample settings.json

3. Run the installation script to download and install Gluu Identity Server for Minikube:

       ./install.sh

   Note: The provided installation script is for Linux only. For other operating systems, refer to the official Gluu Installation Guide.

   The script prompts for information, such as usernames, passwords, and the domain for Gluu.

4. If you are running Minikube as a VM on your local machine, update your /etc/hosts file to map the Minikube IP to the Gluu domain:

       <Minikube IP> gluu.<DOMAIN>

After installation, you can access Gluu using the domain you set as part of the install.
B. Configure Solid OIDC Broker to Use Gluu

To configure the Solid OIDC Broker to use Gluu Identity Server as an Identity Provider:

1. Set up an OpenID Connect Client:

   a. Open https://gluu.<DOMAIN>/identity/home.htm in a browser.

   b. From the left-side menu, click on OpenID Connect and then Clients.

   c. Click the Add Client button and enter the following information:

      | Field | Value | Description |
      |---|---|---|
      | Client Name | Inrupt OIDC Broker | A name for the client. |
      | Redirect Login URIs | https://broker.<DOMAIN>/openid_connect_login | Substitute <DOMAIN> with your domain. |
      | Scopes | profile, openid | Add these scopes. |
      | Response Types | code | Add this response type. |
      | Application Type | Web | |
      | Subject Type | public | |
      | Authentication method for the Token Endpoint | client_secret_basic | |
      | Grant Types | authorization_code, refresh_token | |
      | Redirect Logout URIs | https://broker.<DOMAIN> | Substitute <DOMAIN> with your domain. |

   d. Click Update to save the client. After you save the client, the Client ID and Client Secret fields will be populated.

2. On the left-side menu, click on Configuration and then select the OxAuth Configuration tab.

   a. Scroll down to openidSubAttribute and change the value from inum to uid.

   b. Scroll to the end of the page and click the Save Configuration button.

3. On the left-side menu, click on Other Custom Scripts and then select the User Registration tab.

   a. Expand user_registration and change enable_user from false to true.

   b. Check the Enabled checkbox.

   c. Save by clicking the Update button.

4. Using the Client ID and Client Secret values, configure the Solid OIDC Broker as documented in Configure with Centralized OIDC Broker.

After configuring the Solid OIDC Broker and Gluu, you can self-register at the https://gluu.<DOMAIN>/identity/register.htm page. Afterwards, you can log in with this user through the Solid OIDC Broker.
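The client registration above fixes several values that the relying party must reproduce exactly: the Redirect Login URI, the scopes, the response type, the grant types, and client_secret_basic as the token-endpoint authentication method. The following is an added example, not Inrupt's or Gluu's code, showing what a relying party built against that registration sends and checks. It assumes the authorization and token endpoints have already been read from https://gluu.<DOMAIN>/.well-known/openid-configuration (passed in as parameters), uses example.test as a placeholder for <DOMAIN>, and all function names are this example's own.

```python
"""Added example (not Inrupt's or Gluu's code): requests and checks a relying
party makes against the Gluu client registered in the table above."""
import base64
import secrets
import urllib.parse

# Values copied from the client registration; DOMAIN is a placeholder for <DOMAIN>.
DOMAIN = "example.test"
ISSUER = f"https://gluu.{DOMAIN}"
REGISTERED_REDIRECT_URIS = frozenset({f"https://broker.{DOMAIN}/openid_connect_login"})
SCOPES = ("openid", "profile")                               # registered scopes
RESPONSE_TYPE = "code"                                       # registered response type
GRANT_TYPES = frozenset({"authorization_code", "refresh_token"})  # registered grant types


def redirect_uri_is_registered(uri: str) -> bool:
    """OIDC requires an exact, character-for-character match against the
    registered Redirect Login URIs: no prefix, suffix or wildcard matching."""
    return uri in REGISTERED_REDIRECT_URIS


def build_authorization_url(authorization_endpoint: str, client_id: str,
                            redirect_uri: str, state: str, nonce: str) -> str:
    """Authorization request for the registered response type 'code'.
    state ties the callback to this browser session and nonce is echoed back in
    the ID token, so both must be unguessable (see new_token)."""
    if not redirect_uri_is_registered(redirect_uri):
        raise ValueError(f"redirect_uri not registered: {redirect_uri}")
    params = {
        "response_type": RESPONSE_TYPE,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(SCOPES),
        "state": state,
        "nonce": nonce,
    }
    return authorization_endpoint + "?" + urllib.parse.urlencode(params)


def new_token() -> str:
    """Fresh unguessable value for state or nonce."""
    return secrets.token_urlsafe(32)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the code from the redirect back to the Redirect Login URI,
    rejecting a callback sent to another URI or carrying the wrong state."""
    parts = urllib.parse.urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" not in REGISTERED_REDIRECT_URIS:
        raise ValueError("callback arrived at an unregistered redirect URI")
    query = dict(urllib.parse.parse_qsl(parts.query))
    if not secrets.compare_digest(query.get("state", ""), expected_state):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error']}")
    return query["code"]


def client_secret_basic_header(client_id: str, client_secret: str) -> str:
    """Authorization header for the registered method client_secret_basic
    (RFC 6749 section 2.3.1): each credential is form-urlencoded before the
    'id:secret' pair is base64-encoded."""
    user = urllib.parse.quote(client_id, safe="")
    pwd = urllib.parse.quote(client_secret, safe="")
    token = base64.b64encode(f"{user}:{pwd}".encode("ascii")).decode("ascii")
    return f"Basic {token}"


def build_token_request(token_endpoint: str, client_id: str, client_secret: str,
                        grant_type: str, redirect_uri: str = "", code: str = "",
                        refresh_token: str = "") -> dict:
    """URL, headers and form body of a token request for one of the registered
    grant types. The client secret travels only in the Authorization header."""
    if grant_type not in GRANT_TYPES:
        raise ValueError(f"grant type not registered for this client: {grant_type}")
    if grant_type == "authorization_code":
        if not code or not redirect_uri_is_registered(redirect_uri):
            raise ValueError("authorization_code grant needs the code and the registered redirect_uri")
        body = {"grant_type": grant_type, "code": code, "redirect_uri": redirect_uri}
    else:
        if not refresh_token:
            raise ValueError("refresh_token grant needs a refresh token")
        body = {"grant_type": grant_type, "refresh_token": refresh_token}
    headers = {
        "Authorization": client_secret_basic_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return {"url": token_endpoint, "headers": headers, "body": urllib.parse.urlencode(body)}


if __name__ == "__main__":
    redirect = f"https://broker.{DOMAIN}/openid_connect_login"
    state, nonce = new_token(), new_token()
    print(build_authorization_url(f"{ISSUER}/authorize", "CLIENT_ID_FROM_GLUU", redirect, state, nonce))
    print(build_token_request(f"{ISSUER}/token", "CLIENT_ID_FROM_GLUU", "CLIENT_SECRET_FROM_GLUU",
                              "authorization_code", redirect_uri=redirect, code="CODE_FROM_CALLBACK"))
```

Two details are worth checking against a real deployment: the redirect URI comparison is exact, so a trailing slash or an http:// scheme on either side makes the flow fail at Gluu rather than silently succeed, and with openidSubAttribute set to uid (step 2 above) the sub claim in the resulting ID token is the Gluu username rather than the internal inum, which is the value the broker then works with.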