Example: Set up Gluu as an Identity Provider
Inrupt’s Solid OpenID Connect (OIDC) Broker Service provides a compatibility layer between Solid, which identifies users with a WebID, and traditional OpenID Connect (OIDC) applications, which identify users with strings. The Solid OIDC Broker Service allows a Solid user to log in with any existing OIDC-compliant identity provider.
The Solid OIDC Broker Service deployment bundles an install script that deploys a Gluu Identity Server inside Kubernetes.
A. Install Gluu Identity Server (Linux)
Inrupt’s Solid OIDC Broker download file includes a script to download and install Gluu Identity Server inside Minikube.
Linux Only. The provided installation script is for Linux only. For other operating systems, refer to the official Gluu Installation Guide.
Development/Testing Only. The following instructions are for development/testing deployment only. Do not use for production. For production, use the official Gluu Kubernetes documentation.
Download and Install
To download and install Gluu Identity Server for your development/testing deployment on Linux:
Go to the
cp settings.json.sample settings.json
Run the installation script to download and install Gluu Identity Server for Minikube:
The script prompts for information, such as usernames, passwords, and domain for Gluu.
If you are running Minikube as a VM on your local machine, update your /etc/hosts file to map the Minikube’s IP with the Gluu domain.
<Minikube IP> gluu.<DOMAIN>
After installation, you can access Gluu using the domain you have set as part of the install.
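The hosts-file mapping described above can be applied idempotently, so that re-running it with a different Minikube IP replaces the old entry instead of leaving a stale or duplicate one. This is an added example, not part of the Inrupt or Gluu scripts; `update_gluu_hosts` is a hypothetical helper name, and the optional third argument (the hosts file path) is an assumption that allows a dry run against a copy.

```shell
#!/bin/sh
# Added example, not part of the Inrupt or Gluu tooling.
# update_gluu_hosts is a hypothetical helper; it keeps exactly one
# "<Minikube IP> gluu.<DOMAIN>" mapping in a hosts file.
#
# Usage (as root): update_gluu_hosts "$(minikube ip)" "gluu.<DOMAIN>"
update_gluu_hosts() {
  ip="$1"; host="$2"; file="${3:-/etc/hosts}"

  # Allow only IPv4 and DNS-name characters, so a value containing spaces,
  # '#' or newlines can never add extra entries to the hosts file.
  case "$ip" in ''|*[!0-9.]*) echo "bad IP: $ip" >&2; return 2 ;; esac
  case "$host" in ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 2 ;; esac
  echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
    || { echo "bad IP: $ip" >&2; return 2; }

  tmp="$(mktemp)" || return 1
  # Drop the host from every existing line (a stale Minikube IP included);
  # lines that also map other names keep those names.
  awk -v h="$host" '{
      line = $0; sub(/#.*/, "", line)          # ignore trailing comments
      n = split(line, f, /[ \t]+/)
      hit = 0; out = ""
      for (i = 1; i <= n; i++) {
        if (f[i] == "") continue
        # out is non-empty once the address field has been seen
        if (out != "" && tolower(f[i]) == tolower(h)) { hit = 1; continue }
        out = (out == "" ? f[i] : out " " f[i])
      }
      if (!hit) print $0                       # untouched line, comments kept
      else if (out ~ / /) print out            # address plus remaining names
    }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
  printf '%s %s\n' "$ip" "$host" >> "$tmp"

  # Overwrite in place so the file keeps its owner and permissions.
  cat "$tmp" > "$file"; rc=$?
  rm -f "$tmp"
  return $rc
}
```

Passing a copy of the hosts file as the third argument shows the resulting content before the real file is changed.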
B. Configure Solid OIDC Broker to Use Gluu
To configure the Solid OIDC Broker to use Gluu Identity Server as an Identity Provider:
Set up an OpenID Connect Client:
https://gluu.<DOMAIN>/identity/home.htm in a browser.
From the left-side menu, click on OpenID Connect and then Clients.
Click the Add Client button and enter the following information:
Inrupt OIDC Broker
A name of the client.
Redirect Login URIs
<DOMAIN> with your domain.
Add these scopes.
Add this response type.
Authentication method for the Token Endpoint
Redirect Logout URIs
<DOMAIN> with your domain.
Click Update to save the client.
After you save the client, the
Client Secret fields will be populated.
On the left-side menu, click on Configuration and then select the OxAuth Configuration Tab.
Scroll down to
openidSubAttribute and change the value from
Scroll to the end of the page and click the Save Configuration button.
On the left-side menu, click on Other Custom Scripts and then select the User Registration Tab.
user_registration and change the
Save by clicking the Update button.
Client Secret values, configure the Solid OIDC Broker as documented on Configure with Centralized OIDC Broker.
After configuring the Solid OIDC Broker and Gluu, you can self-register at the https://gluu.<DOMAIN>/identity/register.htm page. Afterwards, you can log in with this user through the Solid OIDC Broker.