This repository was archived by the owner on Dec 5, 2017. It is now read-only.
forked from WrenSecurity/wrensec-sample-openid
mobile.html
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
! MPL 2.0 HEADER START
!
! This Source Code Form is subject to the terms of the Mozilla Public
! License, v. 2.0. If a copy of the MPL was not distributed with this
! file, You can obtain one at http://mozilla.org/MPL/2.0/.
!
! If applicable, add the following below this MPL 2.0 HEADER, replacing
! the fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! MPL 2.0 HEADER END
!
! Copyright 2014 ForgeRock AS
!
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mobile Connect Profile</title>
<link rel="shortcut icon" href="http://forgerock.com/favicon.ico" />
<link type="text/css" rel="stylesheet" href="style.css" />
<script type="text/javascript"
src="https://code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript" src="common.js"></script>
<script type="text/javascript" src="basic.js"></script>
<script type="text/javascript" src="mobile.js"></script>
</head>
<body>
<div>
<a href="http://openam.forgerock.org/">
<img src="forgerock-logo.svg" width="131" height="83" align="right" alt="ForgeRock Logo" />
</a>
</div>
<h3>Mobile Connect Profile Start Page</h3>
<p>
Try OpenAM as an OpenID Provider and Authenticator for
<a href="http://gsmamobileeconomy.com/gsmamc/"
target="_blank">GSMA Mobile Connect</a>.
</p>
<p>
Mobile Connect lets users authenticate with mobile phones,
independent of the device accessing the service.
It is based on OpenID Connect 1.0 and is still under development.
</p>
<div id="config"></div>
<p><a id="link" href="#">Start authorization</a></p>
<script type="text/javascript">
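// Parameters for an OpenID Connect authorization code request.
// client_id, redirect_uri, state, acr_values, nonce and login_hint
// are defined in the scripts loaded in the document head.
var authRequestParameters = {
"response_type": "code",
"client_id": client_id,
"scope": "openid profile",
"redirect_uri": redirect_uri,
"state": state,
"acr_values": acr_values,
"nonce": nonce,
"login_hint": login_hint
};
// Build the authorization endpoint URL and attach it to the start link.
var url = server + openam + authorize + "?"
+ encodeQueryData(authRequestParameters);
$("#link").attr("href", url);
// Render the setup instructions and the current settings.
// The settings table below writes client_secret into the page.
$("#config").html(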
"<hr>"
+ "<h3>Prerequisite Configuration</h3>"
+ "<p>OpenAM should be running and configured as an "
+ "OpenID Provider (OP) in the top level realm, "
+ "and in the same container as this application.</p>"
+ "<p>In addition, configure the OP as follows:</p>"
+ "<ul>"
+ "<li>Map \"acr_value\" <code>" + acr_values + "</code> "
+ "to the <code>ldapService</code> auth chain</li>"
+ "<li>Set the default acr claim to <code>" + acr_values + "</code></li>"
+ "<li>Map the \"amr\" value <code>UID_PWD</code> to DataStore</li>"
+ "</ul>"
+ "<p>Furthermore, add the following "
+ "to LDAP User Attributes for the data store:</p>"
+ "<ul>"
+ "<li><code>createTimestamp</code></li>"
+ "<li><code>modifyTimestamp</code></li>"
+ "</ul>"
+ "<p>This sample GSMA Mobile Connect relying party "
+ "reuses the settings for the Basic Client sample, "
+ "and reuses the Basic Client redirect URI. "
+ "This sample adds additional settings for Mobile Connect.</p>"
+ "<p>Adjust the settings as necessary for your configuration.</p>"
+ "<p>Current settings from <code>basic.js</code>:</p>"
+ "<table style='width: 100%; font-family: monospace'>"
+ "<tr><td>OpenAM URI</td><td>" + openam + "</td></tr>"
+ "<tr><td>client_id</td><td>" + client_id + "</td></tr>"
+ "<tr><td>client_secret</td><td>" + client_secret + "</td></tr>"
+ "<tr><td>redirect_uri</td><td>" + redirect_uri + "</td></tr>"
+ "</table>"
+ "<p>Current settings from <code>mobile.js</code>:</p>"
+ "<table style='width: 100%; font-family: monospace'>"
+ "<tr><td>acr_values</td><td>" + acr_values + "</td></tr>"
+ "<tr><td>nonce</td><td>" + nonce + "</td></tr>"
+ "<tr><td>login_hint</td><td>" + login_hint + "</td></tr>"
+ "</table>"
+ "<p>In OpenAM, create an OAuth 2.0 agent using the "
+ "<code>client_id</code>, <code>client_secret</code>, "
+ "and <code>redirect_uri</code>, and then edit the "
+ "configuration to add the scopes <code>openid</code> and "
+ "<code>profile</code>.</p>"
+ "<p>Furthermore, set ID Token Signed Response Algorithm "
+ "to <code>HS256</code>.</p>"
+ "<p>After you have configured everything, log out of "
+ "OpenAM. Then click the link to start the authorization "
+ "process.</p>"
);
</script>
</body>
</html>
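
The authorization request above sends `nonce` and `acr_values`, and the configuration text asks for ID tokens signed with `HS256`. The following added example (not part of the sample repository) shows, in Node.js, the checks a relying party would run on the returned ID token; the issuer URL, client values, function names, and the single expected `acr` value are constructed assumptions.

```javascript
// Added example, not from the sample repository: RP-side ID token checks.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (s) => Buffer.from(s, "base64url");

// HMAC-SHA256 over "header.payload", keyed with the shared client_secret.
const hs256 = (input, secret) => createHmac("sha256", secret).update(input).digest();

// Constructed helper standing in for the OP so the example runs offline.
function makeIdToken(claims, secret, header = { alg: "HS256", typ: "JWT" }) {
  const input = b64url(JSON.stringify(header)) + "." + b64url(JSON.stringify(claims));
  return input + "." + b64url(hs256(input, secret));
}

// Returns the claims on success; throws an Error naming the failed check.
function verifyIdToken(token, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm configured at the OP; never let the header choose it.
  if (JSON.parse(fromB64url(h).toString("utf8")).alg !== "HS256") throw new Error("unexpected alg");
  const want = hs256(h + "." + p, expected.clientSecret);
  const got = fromB64url(s);
  if (got.length !== want.length || !timingSafeEqual(got, want)) throw new Error("bad signature");
  const claims = JSON.parse(fromB64url(p).toString("utf8"));
  if (claims.iss !== expected.issuer) throw new Error("wrong iss");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.clientId)) throw new Error("wrong aud");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  // nonce ties the token to this authorization request; acr shows the level used.
  if (claims.nonce !== expected.nonce) throw new Error("nonce mismatch");
  if (claims.acr !== expected.acr) throw new Error("acr not satisfied");
  return claims;
}

// "ok" or the reason for rejection, for logging and tests.
function checkIdToken(token, expected, now) {
  try { verifyIdToken(token, expected, now); return "ok"; } catch (e) { return e.message; }
}

// Constructed sample values; none of them come from the sample's configuration.
const EXPECTED = { issuer: "https://op.example.com/openam/oauth2", clientId: "exampleClient",
  clientSecret: "example-secret", nonce: "example-nonce-1", acr: "example-acr" };
const SAMPLE_CLAIMS = { iss: EXPECTED.issuer, aud: EXPECTED.clientId, sub: "demo",
  exp: 2000000000, nonce: EXPECTED.nonce, acr: EXPECTED.acr };
console.log(checkIdToken(makeIdToken(SAMPLE_CLAIMS, EXPECTED.clientSecret), EXPECTED, 1700000000));
console.log(checkIdToken(makeIdToken({ ...SAMPLE_CLAIMS, nonce: "other" }, EXPECTED.clientSecret), EXPECTED, 1700000000));
```

The `state` parameter is checked separately, when the authorization response arrives at the redirect URI, before the code is exchanged for tokens.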