openid/mobile.html at master · ForgeRock/openid · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
  Copyright 2014-2017 ForgeRock AS. All Rights Reserved

  Use of this code requires a commercial software license with ForgeRock AS.
  or with one of its affiliates. All use shall be exclusively subject
  to such license between the licensee and ForgeRock AS.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Mobile Connect Profile</title>
    <link rel="shortcut icon" href="http://forgerock.com/favicon.ico">
    <link type="text/css" rel="stylesheet" href="style.css">
    <script type="text/javascript"
            src="///code.jquery.com/jquery-latest.min.js"></script>
    <script type="text/javascript" src="common.js"></script>
    <script type="text/javascript" src="basic.js"></script>
    <script type="text/javascript" src="mobile.js"></script>
</head>
<body>

<div>
    <a href="http://openam.forgerock.org/">
        <img src="forgerock-logo.svg" width="131" height="83" align="right" alt="ForgeRock Logo">
    </a>
</div>

<h3>Mobile Connect Profile Start Page</h3>

<p>
  Try OpenAM as an OpenID Provider and Authenticator for
  <a href="http://gsmamobileeconomy.com/gsmamc/"
  target="_blank">GSMA Mobile Connect</a>.
</p>

<p>
  Mobile Connect lets users authenticate with mobile phones,
  independent of the device accessing the service.
  It is based on OpenID Connect 1.0 and is still under development.
</p>

<div id="config"></div>

<p><a id="link" href="#">Start authorization</a></p>

<script type="text/javascript">
    var authRequestParameters = {
        "response_type": "code",
        "client_id": client_id,
        "scope": "openid profile",
        "redirect_uri": redirect_uri,
        "state": state,
        "acr_values": acr_values,
        "nonce": nonce,
        "login_hint": login_hint
    };

    var url = server + openam + authorize + "?"
            + encodeQueryData(authRequestParameters);
    $("#link").attr("href", url);

    $("#config").html(
            "<hr>"
                    + "<h3>Prerequisite Configuration</h3>"

                    + "<p>OpenAM should be running and configured as an "
                    + "OpenID Provider (OP) in the top level realm, "
                    + "and in the same container as this application.</p>"

                    + "<p>In addition, configure the OP as follows:</p>"
                    + "<ul>"
                    + "<li>Map \"acr_value\" <code>" + acr_values + "</code> "
                    + "to the <code>ldapService</code> auth chain</li>"
                    + "<li>Set the default acr claim to <code>" + acr_values + "</code></li>"
                    + "<li>Map the \"amr\" value <code>UID_PWD</code> to DataStore</li>"
                    + "</ul>"

                    + "<p>Furthermore, add the following "
                    + "to LDAP User Attributes for the data store:</p>"
                    + "<ul>"
                    + "<li><code>createTimestamp</code></li>"
                    + "<li><code>modifyTimestamp</code></li>"
                    + "</ul>"

                    + "<p>This sample GSMA Mobile Connect relying party "
                    + "reuses the settings for the Basic Client sample, "
                    + "and reuses the Basic Client redirect URI. "
                    + "This sample adds additional settings for Mobile Connect.</p>"

                    + "<p>Adjust the settings as necessary for your configuration.</p>"

                    + "<p>Current settings from <code>basic.js</code>:</p>"
                    + "<table style='width: 100%; font-family: monospace'>"
                    + "<tr><td>OpenAM URI</td><td>" + openam + "</td></tr>"
                    + "<tr><td>client_id</td><td>" + client_id + "</td></tr>"
                    + "<tr><td>client_secret</td><td>" + client_secret + "</td></tr>"
                    + "<tr><td>redirect_uri</td><td>" + redirect_uri + "</td></tr>"
                    + "</table>"

                    + "<p>Current settings from <code>mobile.js</code>:</p>"
                    + "<table style='width: 100%; font-family: monospace'>"
                    + "<tr><td>acr_values</td><td>" + acr_values + "</td></tr>"
                    + "<tr><td>nonce</td><td>" + nonce + "</td></tr>"
                    + "<tr><td>login_hint</td><td>" + login_hint + "</td></tr>"
                    + "</table>"

                    + "<p>In OpenAM, create an OAuth 2.0 agent using the "
                    + "<code>client_id</code>, <code>client_secret</code>, "
                    + "and <code>redirect_uri</code>, and then edit the "
                    + "configuration to add the scopes <code>openid</code> and "
                    + "<code>profile</code>.</p>"

                    + "<p>Furthermore, set ID Token Signed Response Algorithm "
                    + "to <code>HS256</code>.</p>"

                    + "<p>After you have configured everything, log out of "
                    + "OpenAM. Then click the link to start the authorization "
                    + "process.</p>"
    );
</script>

</body>
</html>