1. Introduction
2. Prerequisites for use
3. Use
4. Authentication errors management
5. Authenticated User's data

The OpenID Connect protocol is the authentication layer of OAuth 2.0 authorization protocol. Due to its reliability and robustness qualities, OAuth began to widely used and the authentication/autorization servers that implement it are increasingly numerous.

OpenCCT is a Java module / component that implements the OpenID Connect protocol on the client side. As such, it allows a Java / JEE application that uses it to integrate a user SSO authentication feature in a very simple way:

• Simple addition of the binary module (eg by a Maven dependency).
• Very few modifications of the target application's code.
• Simple setting by configuration file.

Despite the relative complexity of the features implemented to ensure security, the OpenCCT code remains simple to address and study the content. It guarantees total transparency as to its operation.

A Java / JEE web application that uses OpenCCT must integrate the component's binary package. It must also include the appropriate settings in its web deployment descriptor (web.xml file). This setting provides the link between the target application and the component via the HTTP filter provided by OpenCCT. Under these conditions, if a user wishes to access the protected area of the application (step 1): If it is not already authenticated to the authentication server: it will be redirected to this server to perform connection (step 2). If it is already authenticated to the authentication server: it will be declared as connected. In both cases, exchanges between OpenCCT and the authentication server (step 3) make it possible to confirm the identity of the user, retrieve information about this identity and make them available to the application.

OpenCCT is a free and opensource software. It is licensed under the GNU LGPL v3+ license.