How to integrate Artifactory with OpenID Connect OAuth 2.0?

Nimer Bsoul
2023-01-22 11:10

OAuth is a part of Artifactory. It allows you to delegate authentication requests to external providers and lets users log in to Artifactory through their accounts with those providers.

This step-by-step guide shows how to set up OpenID Connect OAuth 2.0 integration with Artifactory.

To integrate OpenID Connect OAuth 2.0 with Artifactory, we recommend that you use the MITREid Connect open source project.

The OpenID Connect server can be used as an OpenID Connect Identity Provider, as well as a general-purpose OAuth 2.0 authorization server.

Start by building the project locally and setting up OpenID Connect:

Git Checkout and Initialization

Check out the project using a normal Git clone command:

$ git clone https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server.git

Common Maven Options You May Want to Use

To skip unit tests, add the following option:

$ mvn -DskipTests package

To skip JavaDoc generation, add the following option:

$ mvn -Dmaven.javadoc.skip=true package

To configure HTTP and HTTPS proxies, add the following option (especially because it seems that Maven on Linux doesn't always read the settings.xml file):

$ mvn -Dhttp.proxyHost=proxy -Dhttp.proxyPort=80 -Dhttps.proxyHost=proxy -Dhttps.proxyPort=80 package


         

Deploying with Jetty

The server webapp can be deployed using an embedded Jetty instance inside of Maven. To deploy to Jetty, first install the MITREid application to your local Maven repository by running the following from the Maven parent project directory:

$ mvn clean install

To run the embedded Jetty server and deploy the server webapp, run the following command from the openid-connect-server-webapp directory. Note: Do not run this command from the parent project directory:

$ mvn jetty:run-war

This will deploy the server to https://localhost:8080/openid-connect-server-webapp. You can log in to it with username: user and password: password.

Deploying with Apache Tomcat

To deploy the server to Tomcat, place a copy of the generated .war file in the appropriate Tomcat webapps directory, such as:

$ cp openid-connect-server-webapp/target/openid-connect-server.war /var/lib/tomcat6/webapps

After verifying that your OpenID Connect webapp is up and running, navigate to Home > Self-service Client Registration and click on New Client to add Artifactory:

User-added image

Fill out the client (Artifactory) configuration fields and click Save: It’s very important to save the generated information such as (Will be later used in Artifactory)

User-added image

Configuring OAuth with OpenID Connect in Artifactory

To access OAuth integration settings, in the Admin module, select Security | OAuth SSO:

User-added image

Add OpenID Connect as a New Provider:

User-added image

To do so, click New. Artifactory will then display a dialog box in which you can enter your provider's details. OpenID Connect supports the following endpoints that need to be used by Artifactory:

  • Auth URL: https://localhost:8080/openid-connect-server-webapp/authorize
  • Token URL: https://localhost:8080/openid-connect-server-webapp/token
  • API URL: https://localhost:8080/openid-connect-server-webapp/userinfo

Here's an example of the setup in Artifactory:

User-added image

When done, click Save.
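The three endpoint URLs entered above can be checked against the provider's own metadata before users rely on them. The following Python sketch is an added example, not JFrog or MITREid code: it assumes the provider publishes a standard OpenID Connect Discovery document, and the function name check_provider_settings and the sample discovery document are constructed for illustration.

```python
from urllib.parse import urlsplit

# Artifactory provider field -> OpenID Connect Discovery metadata key
FIELD_TO_METADATA = {
    "Auth URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "API URL": "userinfo_endpoint",
}

def origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

def check_provider_settings(configured, discovery):
    """Compare the values entered in Artifactory with the provider metadata.

    Returns a list of findings; an empty list means the settings are HTTPS,
    match what the provider advertises, and share the issuer's origin.
    """
    findings = []
    issuer = discovery.get("issuer", "")
    for field, key in FIELD_TO_METADATA.items():
        value = configured.get(field, "")
        advertised = discovery.get(key)
        if urlsplit(value).scheme != "https":
            findings.append(f"{field}: not HTTPS ({value})")
        if advertised is None:
            findings.append(f"{field}: provider does not advertise {key}")
        elif value.rstrip("/") != advertised.rstrip("/"):
            findings.append(f"{field}: entered {value}, advertised {advertised}")
        if origin(value) != origin(issuer):
            findings.append(f"{field}: origin differs from issuer {issuer}")
    return findings

# Values from this guide, as they would be typed into Artifactory.
BASE = "https://localhost:8080/openid-connect-server-webapp"
PAGE_SETTINGS = {
    "Auth URL": BASE + "/authorize",
    "Token URL": BASE + "/token",
    "API URL": BASE + "/userinfo",
}
# Constructed sample shaped like a discovery document (assumption: in a real
# check, load this JSON from <issuer>/.well-known/openid-configuration).
SAMPLE_DISCOVERY = {
    "issuer": BASE + "/",
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token",
    "userinfo_endpoint": BASE + "/userinfo",
}

if __name__ == "__main__":
    for finding in check_provider_settings(PAGE_SETTINGS, SAMPLE_DISCOVERY):
        print(finding)
```

An empty result means the entered URLs agree with the provider; any finding on the Token URL deserves attention first, because the client secret and authorization code are sent there.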