OpenCCT
OpenCCT: OpenID Connect SSO authentication client Java library - Page 5
Authentication errors management
<filter>
  ...
  <init-param>
   <param-name>error-path</param-name>
   <param-value>/custom_error</param-value>
  </init-param>
</filter>
 
The authenticated user's data

If the user, redirected to the authentication server, is authenticated, OpenCCT creates an instance of the net.meddeb.oauth.opencct.User class with this user's data and stores this instance in the session. This class holds the following data:

  • Unique identifier managed by the authentication server.
  • Last name and first name.
  • E-mail address and status of this address: verified or not.

By default OpenCCT retrieves only the unique identifier, but this behavior can be changed with the filter's optional oauth-scope parameter. This parameter can be added to the «web.xml» file as follows:

<filter>
  ...
  <init-param>
   <param-name>oauth-scope</param-name>
   <param-value>PE</param-value>
  </init-param>
</filter>

The value of this parameter must be a combination of the letters E and P: one of the two or both at the same time. «P» retrieves the user's first and last name and «E» the user's e-mail address. Retrieval of this data is subject to the user's consent during authentication. If the user does not allow access to this data, authentication fails. For this reason, use this parameter carefully and request access to a piece of data only if it is really essential.

In addition, some authentication servers require a call to an additional endpoint to retrieve this data: the Userinfo endpoint. Check whether this applies to the server you use. If it does, you must add the userinfo-endpoint parameter to the «web.xml» file. The value of this parameter is the URL of this endpoint, which the server's documentation must provide.
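
A pre-deployment check of the oauth-scope and userinfo-endpoint parameters described above, as an added example (Python, not part of OpenCCT). The filter name, the sample «web.xml», the function names and the `needed` argument are assumptions; the https check follows the OpenID Connect Core TLS requirement for the UserInfo endpoint, not a rule stated by OpenCCT.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the filter name and the URL are placeholders, not OpenCCT values.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>sso-filter</filter-name>
    <init-param>
      <param-name>oauth-scope</param-name>
      <param-value>PE</param-value>
    </init-param>
    <init-param>
      <param-name>userinfo-endpoint</param-name>
      <param-value>http://idp.example.org/userinfo</param-value>
    </init-param>
  </filter>
</web-app>"""

def local(tag):  # drop the XML namespace so any web.xml schema version is accepted
    return tag.rsplit("}", 1)[-1]

def filter_params(web_xml, filter_name):
    """Return {param-name: param-value} of the named <filter>, or None if absent."""
    for flt in ET.fromstring(web_xml).iter():
        if local(flt.tag) != "filter":
            continue
        kids = [(local(c.tag), c) for c in flt]
        if not any(t == "filter-name" and (c.text or "").strip() == filter_name for t, c in kids):
            continue
        pairs = ({local(x.tag): (x.text or "").strip() for x in c} for t, c in kids if t == "init-param")
        return {p.get("param-name"): p.get("param-value", "") for p in pairs}
    return None

def lint(params, needed=""):
    """needed: letters (E/P) the application really uses, supplied by the reviewer."""
    findings = []
    scope = params.get("oauth-scope")  # absent means only the unique identifier
    if scope is not None:
        if scope not in ("E", "P", "EP", "PE"):
            findings.append(f"oauth-scope {scope!r} is not E, P or both")
        elif set(scope) - set(needed):
            extra = "".join(sorted(set(scope) - set(needed)))
            findings.append(f"oauth-scope requests unneeded {extra}; refusing consent fails the login")
    url = params.get("userinfo-endpoint")
    if url is not None:
        parsed = urlparse(url)  # OpenID Connect Core requires TLS for the UserInfo endpoint
        if parsed.scheme != "https" or not parsed.netloc:
            findings.append(f"userinfo-endpoint {url!r} is not an absolute https URL")
    return findings
```

For the sample, `lint(filter_params(SAMPLE_WEB_XML, "sso-filter"), needed="P")` reports two findings: the unneeded «E» request and the plain-http endpoint.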