ref-idp-server
The Gematik IDP server is used to identify insured persons and healthcare provider organizations (Leistungserbringer).
Disclaimer
This software is not developed for productive use. It was developed to check the feasibility of the specification.
Overview
The IDP-Global project consists of various sub-projects. These are:
- IDP-Server: Reference development of the central IDP
- IDP-Client: Client to request ACCESS_TOKEN with SMC-B-Aut or HBA-Aut keys at the central IDP
- IDP-Testsuite: Approval test suite for a central IDP, also includes tests for Fast Track and federated IDPs
- IDP-Sektoral: PoC for a sectoral IDP in the Fast Track context
The last sub-project "IDP-Sektoral" in the list above is not part of the reference implementation published on github.
Idp-Server as docker image
Use existing image from docker hub
https://hub.docker.com/repository/docker/gematik1/idp-server
Build image of Idp-Server, 2 examples
in project root:
Example 1: build with all tests
$ mvn clean install -pl idp-server -am
Example 2: build without unit/int tests, set parameter commit_hash for dockerfile
$ mvn clean install -pl idp-server -am -Dskip.unittests -Dskip.inttests -Dcommit_hash=`git log --pretty=format:'%H' -n 1`
Start container
$ docker run --rm -it -p 8571:8080 gematik1/idp-server
or use docker compose:
$ mvn clean install -pl idp-server -am -Dskip.unittests -Dskip.inttests
$ export appVersion=27.0.3
$ export serverLoglevel=info   # info is the default
$ docker-compose --project-name myidp -f docker-compose-ref.yml up -d
Smoke test: get discovery document
$ curl http://localhost:8571/auth/realms/idp/.well-known/openid-configuration
Scope Configuration via application.yaml
You can modify the scopes that are supported by the IDP Server. All you have to do is add, remove or modify entries in the scopesConfiguration section of the idp-server's application.yml.
Configuration of Server URL
The URL of the idp-server is required for many fields inside the discovery document of the server. For example, the authorization endpoint:
{
"authorization_endpoint": "https://server42/sign_response",
...
The idp-server determines the URL from the first of the following sources that is set, in this priority order:
- jvm arg: --idp.serverUrl=https://myServerUrlAsJvmArgument.de
- environment variable: IDP_SERVER_URL=myServerUrlFromEnv:8080
- spring boot configuration (application.yml):
  idp:
    serverUrl: "https://urlPreConfiguredUrl"
  During development, it is recommended not to set "serverUrl" in application.yml, as some unit tests will fail then. Background: serverUrl is written into the discovery document in several places and read from there in the unit tests. The unit tests use random (free) ports, and those ports become part of the serverUrl.
- precompiled value: IdpConstants.DEFAULT_SERVER_URL
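Because the configured serverUrl ends up in several fields of the discovery document, a quick check after the smoke test is to verify that every URL field actually sits under the URL you intended (a wrong source winning the priority order, or an env value without a scheme, shows up here). The following is an added example, not part of the idp-server project; the discovery document embedded in it is constructed, and the field list is the standard OIDC set plus the authorization_endpoint shown above.

```python
import json
from urllib.parse import urlparse

# Constructed sample discovery document (not real idp-server output).
# jwks_uri deliberately carries a localhost URL with a random-looking port,
# the symptom described in the README when serverUrl is taken from the
# wrong source.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://server42",
    "authorization_endpoint": "https://server42/sign_response",
    "token_endpoint": "https://server42/token",
    "jwks_uri": "http://localhost:8080/jwks",
})

# Standard OIDC discovery fields that carry the server URL.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_server_url(discovery_json, expected_server_url):
    """Return {field: reason} for every URL field that is missing, not https,
    or not located under expected_server_url. An empty dict means the
    configured serverUrl was picked up consistently."""
    doc = json.loads(discovery_json)
    base = expected_server_url.rstrip("/")
    findings = {}
    for field in URL_FIELDS:
        value = doc.get(field)
        if value is None:
            findings[field] = "missing"
        elif urlparse(value).scheme != "https":
            findings[field] = f"not https: {value}"
        elif value != base and not value.startswith(base + "/"):
            findings[field] = f"not under {expected_server_url}: {value}"
    return findings


if __name__ == "__main__":
    # Usage against a running container (hypothetical invocation):
    #   python check_discovery.py http://localhost:8571/auth/realms/idp/.well-known/openid-configuration https://server42
    import sys
    import urllib.request
    if len(sys.argv) == 3:
        with urllib.request.urlopen(sys.argv[1]) as resp:
            print(check_server_url(resp.read().decode(), sys.argv[2]) or "OK")
    else:
        print(check_server_url(SAMPLE_DISCOVERY, "https://server42"))
```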
Unittests
disable: -Dskip.unittests
The key ref-es-sig can be published and was therefore added for unit tests (KeyUtilityTest).
Integration Testing/Approval Testing
disable: -Dskip.inttests
Tests of the Idp-Testsuite are integration tests as well.
Based on the integration tests, approval tests are possible. Please refer to the README in the submodule idp-testsuite.
Caveats
Always call all build targets from the project root ("idp-global").
Tokenflow sites
Swagger
The generated API documentation is available at: /swagger-ui/index.html