
Add support for RFC6750 bearer tokens to ocserv to permit the validation of...

Alan Jowett requested to merge Alan_Jowett/ocserv:issue240 into master

Resolves: #240 (closed)

Add support for RFC6750 bearer tokens to ocserv to permit the validation of OpenID Connect auth tokens. OpenID Connect is an OAuth 2.0 protocol used to identify a resource owner (VPN client end-user) to a resource server (VPN server) intermediated by an Authorization server.

To configure bearer auth, add the following to the .config file:

auth = "oidc[config=<path to config file>]"

Config file is JSON with the following format:

{
  "openid_configuration_url": "<uri of openid-configuration doc>",
  "user_name_claim": "preferred_username",
  "required_claims": {
    "aud": "SomeAudience",
    "iss": "SomeIssuer"
  }
}

Example openid-configuration doc URIs are:

- https://accounts.google.com/.well-known/openid-configuration
- https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

Required claims control what claims must be present in a token to permit access.

See your OpenID Connect provider for details on claims and the OpenID Connect metadata document URL.

Signed-off-by: Alan TG Jowett alan.jowett@microsoft.com

Edited by Alan Jowett
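As an added illustration (not ocserv's code, nor anything from this merge request) of the checks the config above implies, the following validator parses a compact JWT, verifies its signature, rejects expired tokens, enforces every entry in required_claims (accepting "aud" as either a string or a list, as RFC 7519 allows), and returns the value of user_name_claim. Assumptions: the config and tokens are constructed samples, and a shared HS256 secret stands in for the provider's RS256 JWKS so the example runs offline; a real validator fetches jwks_uri from openid_configuration_url and verifies against the matching public key.

```python
import base64, hashlib, hmac, json, time

# Constructed sample config in the format the merge request describes.
CONFIG = json.loads("""{
  "openid_configuration_url": "https://idp.example.invalid/.well-known/openid-configuration",
  "user_name_claim": "preferred_username",
  "required_claims": {"aud": "SomeAudience", "iss": "SomeIssuer"}
}""")

# Assumption: an HS256 shared secret replaces the provider's RS256 JWKS for offline use.
DEMO_SECRET = b"constructed-demo-secret"

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims: dict, secret: bytes = DEMO_SECRET, alg: str = "HS256") -> str:
    """Issuer side: build a compact JWT purely to produce test input."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def validate_bearer(token: str, config: dict, secret: bytes = DEMO_SECRET, now=None):
    """Resource-server side: return the VPN user name if the token is acceptable, else None."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(_b64url_decode(h64)), json.loads(_b64url_decode(p64))
    except ValueError:  # malformed structure, base64 or JSON
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    # Only the algorithm we expect is accepted; this also rejects "alg": "none".
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        return None  # signature check comes before any claim is trusted
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return None  # missing lifetime or expired
    for name, want in config["required_claims"].items():
        got = claims.get(name)
        # "aud" may be a single string or a list of audiences (RFC 7519 section 4.1.3).
        if not (got == want or (isinstance(got, list) and want in got)):
            return None
    return claims.get(config["user_name_claim"])
```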
