Enable users to log in with their Google accounts to applications running on WebSphere Liberty. A short video showing how to set up Google authentication with OpenID Connect.

Download the OpenID and OpenID Connect features for WebSphere Liberty from the Liberty Repository.

1 comment on"Google OpenID Connect for applications on WebSphere Liberty"

  1. Chunlong Liang September 23, 2015

    If you are running Liberty server inside a firewall that is not reachable by Google, you have two options.
    Option 1: You have reverse proxy server or router in the front of Liberty server, you can register front end server in Google.
    Say you registered
    https://myInternalserver.com:8021/oidcclient/redirect/rp
    in Google, which is not reachable by Google, but you proxy server named myExternalserver.com that is reachable by Google. You can do following steps to solve this problem
    1. add redirectToRPHostAndPort=https://myExternalserver.com:8021 to inside Liberty’s server.xml
    2. register https://myExternalserver.com:8021/oidcclient/redirect/rp as redirect URL in Google

    Option 2: Configure Liberty to request OpenID Connect token with implicit grant type.
    If you do not mind give your internal server name to Google, and you also do not mind that Google sends id_token through browser (instead of back channel in authorization_code grant type), you can add grantType=”implicit” to inside Liberty server.xml

    If you do not mind give your internal hostname to Google, and you also do not mind Google send id_token through browser (instead of back channel in Option 1), you can use this option:
    add
    grantType=”implicit”
    to inside Liberty server.xml

Join The Discussion

Your email address will not be published. Required fields are marked *