I have a Spring application where I do OpenID Connect (OIDC) authentication. Session fixation is not being taken care of by default. What is the best way to handle it? My OIDC implementation does not use any Spring Security. I was wondering if it's possible to integrate Spring Security with OIDC in some way to solve the session fixation issue? If not, is there any clean solution for that? I did some searching but could not really find anything relevant. Any thoughts?

user1892775

1 Answer

You can start with this: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/tree/master/openid-connect-client

If it is not what you need, you can start from the OAuth mechanism directly, as suggested in this post: How to implement Openid connect and Spring Security -> https://github.com/spring-projects/spring-security-oauth

Community
  • Thanks for your reply. https://github.com/spring-projects/spring-security-oauth looks like a whole new implementation. I already have an OIDC implementation working. I basically wanted to know how I can integrate Spring Security with my existing OIDC implementation. Would it be very complex? – user1892775 Dec 03 '15 at 00:55
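
Added example, not part of the answer or comment above and not code from either linked project: for an existing OIDC callback that does not use Spring Security, session fixation can be closed by replacing the servlet session once the ID token has been validated. The class name, attribute names and allowlist below are hypothetical, and the `javax.servlet` API is assumed.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper; call it from the OIDC callback only after the ID token checks pass. */
public final class SessionFixationGuard {
    // Assumed attribute names: pre-login values that are safe to keep after login.
    private static final List<String> CARRY_OVER = Arrays.asList("locale", "theme");
    public static final String SUBJECT_ATTR = "oidc.subject";

    private SessionFixationGuard() {}

    /** Issues a fresh session ID and binds the authenticated subject to the new session. */
    public static HttpSession rotateAndLogin(HttpServletRequest request, String subject) {
        Map<String, Object> kept = new HashMap<>();
        HttpSession old = request.getSession(false);
        if (old != null) {
            // Copy only allowlisted attributes; anything else set before login
            // (possibly under an ID someone else supplied) is dropped with the old session.
            for (String name : Collections.list(old.getAttributeNames())) {
                if (CARRY_OVER.contains(name)) {
                    kept.put(name, old.getAttribute(name));
                }
            }
            old.invalidate(); // the pre-login ID is no longer valid on the server
        }
        HttpSession fresh = request.getSession(true); // container generates a new ID
        for (Map.Entry<String, Object> e : kept.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        fresh.setAttribute(SUBJECT_ATTR, subject);
        return fresh;
    }
}
```

On a Servlet 3.1+ container, `request.changeSessionId()` performs the same ID rotation in one call but keeps every existing attribute. Verify the OIDC `state` and `nonce` stored in the pre-login session before calling the helper, since it discards them.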