OpenID Connect OP Support in SimpleSAMLphp
In 2021, I participated in a GÉANT Trust & Identity Incubator project to add OpenID Connect OP support to the SimpleSAMLphp software, together with Sergio Gomes and Patrick Radtke.
SimpleSAMLphp (SSP) is one of the most widely used IdP/SP software packages in the GÉANT community. Furthermore, the adoption of OIDC is growing steadily, and third parties in particular commonly use it. The OP module offers NRENs and institutions an easy way to provide an OIDC IdP.
The result of the project is a dedicated SimpleSAMLphp module available here: https://github.com/simplesamlphp/simplesamlphp-module-oidc
The currently supported flows that pass conformance tests are:
- Authorization Code flow, with PKCE support (response_type ‘code’)
- Implicit flow (response_type ‘id_token token’ or ‘id_token’)
- Refresh Token flow
The final presentation of the project is available here: https://wiki.geant.org/download/attachments/320471174/SSP-OIDC_demo.mp4?version=1&modificationDate=1632930580727&api=v2