Fediz provides comprehensive support for delegating user authentication to trusted providers. Such providers can support the SAML, WS-Fed or OpenID Connect protocols. Thus Fediz OIDC users can be authenticated locally or redirected further to registered authentication providers. This is achieved by assigning home realms to Fediz OIDC client registrations.
OIDC client applications can be registered with ClientRegistrationService. At the moment one can register confidential or public clients, set redirect URIs and restrict the clients with audience URIs.
Effectively, Fediz OIDC is a complete OAuth2 server that supports all standard OIDC Core flows. It has JAX-RS service endpoints for supporting the Authorization Code, Implicit and Hybrid flows and all OIDC response types.
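To make the registration fields and flows above concrete, the following Java example is added here and is not Fediz or CXF code. It checks an authorization request against a client's registered redirect and audience URIs and maps the response_type to its OIDC Core flow. The Client record, the check and flowOf methods, the sample URIs and the handling of an audience request parameter are assumptions made for illustration.

```java
import java.util.*;

// Added illustration; Client, flowOf and check are hypothetical names, not Fediz or CXF classes.
public class AuthzRequestCheck {
    // Constructed stand-in for the redirect and audience URIs stored at registration.
    record Client(String id, Set<String> redirectUris, Set<String> audiences) {}

    // OIDC Core section 3 groups the response_type values by flow.
    static String flowOf(String responseType) {
        String[] parts = responseType.trim().split("\\s+");
        Set<String> rt = new HashSet<>(Arrays.asList(parts));
        if (rt.size() != parts.length) return null;              // repeated value
        if (rt.equals(Set.of("code"))) return "authorization_code";
        if (rt.equals(Set.of("id_token")) || rt.equals(Set.of("id_token", "token"))) return "implicit";
        boolean known = Set.of("code", "id_token", "token").containsAll(rt);
        return known && rt.contains("code") ? "hybrid" : null;   // code plus id_token and/or token
    }

    // Returns the reasons to reject the request; an empty list means it may proceed.
    static List<String> check(Client c, Map<String, String> req) {
        List<String> errors = new ArrayList<>();
        String type = req.getOrDefault("response_type", "");
        if (flowOf(type) == null) errors.add("unsupported response_type");
        // Exact string match only: no prefix, wildcard or normalised comparison.
        String uri = req.get("redirect_uri");
        if (uri == null || !c.redirectUris().contains(uri)) errors.add("redirect_uri not registered");
        if (!Arrays.asList(req.getOrDefault("scope", "").split(" ")).contains("openid"))
            errors.add("scope lacks openid");
        // An ID token issued by the authorization endpoint must be bound to a nonce.
        if (Arrays.asList(type.trim().split("\\s+")).contains("id_token") && !req.containsKey("nonce"))
            errors.add("nonce required");
        // Assumption: a requested audience must be one of the registered audience URIs.
        String aud = req.get("audience");
        if (aud != null && !c.audiences().isEmpty() && !c.audiences().contains(aud))
            errors.add("audience not allowed");
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample registration and requests.
        Client c = new Client("demo-client", Set.of("https://app.example/cb"), Set.of("https://api.example/"));
        Map<String, String> ok = Map.of("response_type", "code", "scope", "openid profile",
                "redirect_uri", "https://app.example/cb", "audience", "https://api.example/");
        Map<String, String> bad = Map.of("response_type", "code id_token", "scope", "openid",
                "redirect_uri", "https://app.example/cb/extra", "audience", "https://other.example/");
        System.out.println(flowOf("code") + " " + check(c, ok));
        System.out.println(flowOf("code id_token") + " " + check(c, bad));
    }
}
```

The second request is a hybrid-flow request that fails three checks: its redirect URI only shares a prefix with the registered one, it asks for an ID token without a nonce, and its audience is not registered for the client.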