Skip to end of metadata
Go to start of metadata


The following is a tutorial on how to configure midPoint with Gluu in order to perform SSO using OpenID Connect.

In this example we are using:

  • Ubuntu Xenial
  • midPoint 3.5
  • Tomcat 8
  • Apache 2
  • mod_auth_openidc 2.2.x



First version of the Howto document contributed by Dario Tongue

The setup 


Firstly please make sure that you have Apache Tomcat and midPoint installed and working properly. Also install Apache with rewrite, proxy and proxy_http modules and configure them to work with Apache Tomcat and midPoint. There steps can be found in this previous how to. 

Next configure Apache with SSL. And install the mod_auth_openidc module onto Apache and configure it properly so it will work with your OpenID Connect Provider. For more details follow the following how to.

The claim user_name of our OpenID Connect Provider (Gluu in our case) matches midPoint user "name". This also means that one of the scopes of your client mod_auth_openidc defined on your OpenID Connect Provider contains the claim user_name.

Apache configuration


After applying the configuration restart apache:

Midpoint configuration

Edit the ctx-web-security.xml located at /var/lib/tomcat8/webapps/midpoint/WEB-INF

Uncomment the following so that reads: 

Edit the following value "principalRequestHeader" in the bean "requestHeaderAuthenticationFilter" so that it reads:

Edit the following value "defaultTargetUrl" in the bean "logoutHandler" so that it reads :

Restart tomcat:

External links


  • No labels