{"id":23859233,"url":"https://github.com/openconext/openconext-myconext","last_synced_at":"2026-02-10T16:22:31.690Z","repository":{"id":36649532,"uuid":"229248563","full_name":"OpenConext/OpenConext-myconext","owner":"OpenConext","description":"A (guest) IdP for OpenConext","archived":false,"fork":false,"pushed_at":"2026-02-05T08:06:33.000Z","size":50295,"stargazers_count":3,"open_issues_count":80,"forks_count":11,"subscribers_count":13,"default_branch":"main","last_synced_at":"2026-02-05T08:41:06.566Z","etag":null,"topics":["identity","idp","saml-idp"],"latest_commit_sha":null,"homepage":"https://eduid.nl/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpenConext.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-12-20T10:59:27.000Z","updated_at":"2026-02-05T08:06:37.000Z","dependencies_parsed_at":"2023-10-15T11:34:02.267Z","dependency_job_id":"6d032284-8e94-49ff-b1ba-9b882d7c453d","html_url":"https://github.com/OpenConext/OpenConext-myconext","commit_stats":null,"previous_names":[],"tags_count":113,"template":false,"template_full_name":null,"purl":"pkg:github/OpenConext/OpenConext-myconext","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-myconext","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-myconext/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-myconext/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-myconext/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpenConext","download_url":"https://codeload.github.com/OpenConext/OpenConext-myconext/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-myconext/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29307587,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T16:09:25.305Z","status":"ssl_error","status_checked_at":"2026-02-10T16:08:52.170Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["identity","idp","saml-idp"],"created_at":"2025-01-03T03:33:08.774Z","updated_at":"2026-02-10T16:22:31.652Z","avatar_url":"https://github.com/OpenConext.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MyConext\n[![JAVA CI](https://github.com/OpenConext/OpenConext-myconext/actions/workflows/actions.yml/badge.svg)](https://github.com/OpenConext/OpenConext-myconext/actions/workflows/actions.yml)\n![Coverage](.github/badges/jacoco.svg)\n![Branches](.github/badges/branches.svg)\n\nAn IdP for OpenConext. A user can create and manage his own identity. Authentication uses a magic-link by default, and FIDO2 or a password can be added later.\n\n## Content\n\n- [Getting started](#getting-started)\n\t- [System Requirements](#system-requirements)\n- [Building and running](#building-and-running)\n\t- [Database and Maipit](#database-and-maipit)\n\t- [MyConext-Server](#myconext-server)\n\t- [Account-GUI](#account-gui-idp)\n\t- [MyConext-GUI](#myconext-gui-sp)\n\t- [Servicedesk-GUI](#servicedesk-gui-sp)\n\t- [Public-GUI](#public-gui-content-website)\n\t- [Build](#build)\n\t- [Mail](#mail)\n    - [Cron](#cron)\n\t- [Crypto](#crypto)\n\t- [Translations](#translations)\n\t- [Miscellaneous](#miscellaneous)\n\t- [Migration](#migration)\n\t- [Attribute Manipulation](#attribute-manipulation)\n\t- [Attribute Aggregation](#attribute-aggregation)\n\t- [OpenAPI Documentation](#openapi-documentation)\n\t- [IDIN \u0026 e-Herkenning](#idin--e-herkenning)\n\t- [Running the IdP and testing localhost](#running-the-idp-and-testing-localhost)\n- [How to use](#how-to-use)\n\t- [IDP Flow](#idp-flow)\n\n## Getting started\n\n### System Requirements\n\n- Java 21\n- Maven 3\n- MongoDB 3.4.x\n- Yarn 1.x\n- NodeJS (version 23.2.0)\n- Mailpit\n\n## Building and running\n\n### Database and Maipit\n\nThe `docker-compose.yaml` file in this project is meant for local development and contains a Mongo database and Mailpit instance\n\n```shell\ndocker compose up -d\n```\n\n### MyConext-Server\n\nThis project uses Spring Boot and Maven. To run locally, type:\n\n```shell\ncd myconext-server\nmvn spring-boot:run -Dspring-boot.run.profiles=dev\n```\n\nWhen developing, it's convenient to just execute the applications main-method, which is in [Application](myconext-server/src/main/java/myconext/MyConextServerApplication.java).\nDon't forget to set the active profile to dev.\n\n### Account-GUI (IDP)\n\nThe IdP is also built with Svelte and to get initially started:\n\n```shell\ncd account-gui\nnvm use\nyarn install\nyarn dev\n```\nThere is no home page, you'll need to visit an SP and choose \"Local SURFconext Guest IdP\" to login. App is running on port 3000.\n\n### MyConext-GUI (SP)\n\nThe myconext ServiceProvider is built with Svelte and to get initially started:\n\n```shell\ncd myconext-gui\nnvm use\nyarn install\nyarn dev\n```\n\nBrowse to the [application homepage](http://localhost:3001/).\n\n### Servicedesk-GUI (SP)\n\nThe myconext servicedesk is also built with Svelte and to get initially started:\n\n```shell\ncd servicedesk-gui\nyarn install\nyarn dev\n```\n\nBrowse to the [application homepage](http://localhost:3003/).\n\n### Public-GUI (Content website)\n\nThe myconext public gui is built with Vite and to get initially started:\n\n```shell\ncd public-gui\nyarn install\nyarn dev\n```\n\nBrowse to the [application homepage](http://localhost:3002).\n\n### Build\n\nTo deploy production bundles\n```bash\nmvn deploy\n```\n### Mail\n\nThe default mail configuration sends mails to port 1025. Install https://mailpit.axllent.org/ and capture all emails send. \nYou can see all mails delivered at http://localhost:8025/ when mailpit is installed.\n\nIn case when not using the Docker Compose file, you can install Mailpit with Brew\n\n```bash\nbrew install mailpit\n```\n\n### Cron\n\nThe cron jobs, which may only run on one node, use a database locking mechanisme to obtain a lock. If successful, then the\njob is executed, otherwise not. See `myconext.cron.AbstractNodeLeader`\n\n### Crypto\n\nThe myconext application uses a private RSA key and corresponding certificate to sign the SAML requests. We don't want\nto provide defaults, so in the integration tests the key / certificate pair is generated on the fly. if you want to\ndeploy the application in an environment where the certificate needs to be registered with the Service Provider (Proxy)\nthen you can generate a key pair with the following commands:\n```\ncd myconext/myconext-server/src/main/resources\nopenssl genrsa -traditional -out myconext.pem 2048\nopenssl req -subj '/O=Organization, CN=OIDC/' -key myconext.pem -new -x509 -days 365 -out myconext.crt\n```\nAdd the key pair to the [application.yml](myconext-server/src/main/resources/application.yml) file:\n```\nprivate_key_path: classpath:/myconext.pem\ncertificate_path: classpath:/myconext.crt\n```\nIf you need to register the public key in EB then issue this command and copy \u0026 paste it in Manage for the correct IdP:\n```\ncat myconext.crt |ghead -n -1 |tail -n +2 | tr -d '\\n'; echo\n```\n### Translations\n\nThe github actions will generate new translations of the source is changed.\n\n```bash\nyarn localicious render ./localizations.yaml ./account-gui/src/locale/ --languages en,nl --outputTypes js -c SHARED\nrm -fr ./account-gui/src/locale/js/Localizable.ts\nyarn localicious render ./localizations.yaml ./myconext-gui/src/locale/ --languages en,nl --outputTypes js -c SHARED\nrm -fr ./myconext-gui/src/locale/js/Localizable.ts\n```\n\n### Miscellaneous\n\nTo get an overview of the git source file's:\n```\ncloc --read-lang-def=cloc_definitions.txt --vcs=git\n```\n\n### Migration\n\nIt's possible to migrate from an existing IdP to this IdP. A new identity will be created, and the eppn wil be copied.\n\n### Attribute Manipulation\n```\ncurl -u oidcng:secret \"http://login.test2.eduid.nl/myconext/api/attribute-manipulation?sp_entity_id=https://test.okke\u0026uid=0eaa7fb2-4f94-476f-b3f6-c8dfc4115a87\u0026sp_institution_guid=null\"\n```\n\n### Attribute Aggregation\n```\ncurl -u aa:secret \"https://login.test2.eduid.nl/myconext/api/attribute-aggregation?sp_entity_id=https://mijn.test2.eduid.nl/shibboleth\u0026eduperson_principal_name=j.doe@example.com\"\n```\nEndpoint to detect duplicate eduID's for SP's that have the same institutionGuid\n```\ncurl -u aa:secret 'https://login.test2.eduid.nl/myconext/api/system/eduid-duplicates' | jq .\n```\n\n### OpenAPI Documentation\n\nhttp://localhost:8081/myconext/api/swagger-ui/index.html\n\nhttp://localhost:8081/myconext/api/api-docs\n\nhttps://login.test2.eduid.nl/myconext/api/swagger-ui/index.html\n\nhttps://login.test2.eduid.nl/myconext/api/api-docs\n\n### IDIN \u0026 e-Herkenning\n\nThe redirect URI's for local development have to start with https. You can use the reverse proxy of ngrok for this. For example:\n```\nngrok http --domain okke.harsta.eu.ngrok.io 8081\n```\n\n### Running the IdP and testing localhost\n\nThe [idp_metadata.xml](idp_metadata.xml) file contains the IdP metadata for localhost development. Import an IdP in Manage and\nwhitelist this for the SP's you want to test with. The OIDC-Playground is capable of testing the different ACR options.\n\n## How to use\n\nHave MyConext server and all 4 GUI projects running.\nNote: Account-GUI starts with `Whoops… Something went wrong (404)`, this is ok.\n\n### IDP Flow\n\n1. https://oidc-playground.test2.surfconext.nl/\n2. Check `Force authentication` and click on Submit\n3. Select `Local eduID IdP` from the list\n4. User is `jdoe@example.com`, chose one-time login via e-mail\n5. See [Mailpit](http://user:password@145.90.230.133:8025/) for the OTP\n6. You get redirected back to the playground with JWT data\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenconext%2Fopenconext-myconext","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenconext%2Fopenconext-myconext","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenconext%2Fopenconext-myconext/lists"}