The OpenID Connect (OIDC) connector allows SigningHub to connect with any third-party authentication service that supports the OIDC protocol, such as Google and Azure Active Directory. This is a generic configuration, so the "Auth URL" provided in the connector is used to identify the third-party service configured to authenticate the user, both at the time of login and at the time of signing.


Create an OIDC connector:



  1. From the left menu, click "Configurations".
  2. Click "Connectors".
  3. From the top right corner of the connectors list, click .
    The Add Connector dialog is displayed.


The Add Connector dialog is a step-wise wizard consisting of the following steps for configuring the connector:


  1. Basic Information 
  2. Details


On the Basic Information section:



  4. Type in a unique Name for the connector.
  5. Select "OIDC" in the Provider field.
  6. Click Next.


The following image illustrates an example of information entered on the dialog.


On the Details section:


  7. Specify the fields as required by the third-party service; leave the rest empty.
  8. Click Finish.
    The OIDC connector has been added and can be used in an authentication profile.


The following image illustrates the example information entered on the "Details" section of the dialog. 



The following table describes the fields on the "Basic Information" section of this dialog.


Basic Information Section

| Fields | Description |
|---|---|
| Name | Specify a unique name for this connector, e.g. "My Google". This connector will be used in the configuration of Authentication Profiles. |
| Provider | Select the provider for this connector, i.e. "OIDC". |
| Purpose | This field displays the purpose of the provider selected above, i.e. the purpose of "OIDC" is "Authentication". |
| Active | Select to make this connector active. Leave the check box empty to make the connector inactive. An inactive connector cannot be configured in the Authentication Profiles. |
| Next | Displays the "Details" section. |


The following table describes the fields on the "Details" section of this dialog.


Details Section

| Fields | Description |
|---|---|
| Logo | Select an appropriate image in the jpeg, jpg, gif or png format for the connector's logo that will be displayed on the login screen. |
| Discover Document URL | Enter the "Discovery Document URL". OpenID Connect defines a discovery mechanism, called OpenID Connect Discovery, where an OpenID server publishes its metadata at a well-known URL, typically https://server.com/.well-known/openid-configuration. This URL returns a JSON listing of the OpenID/OAuth endpoints, supported scopes and claims, public keys used to sign the tokens, and other details. The endpoints include the [Auth URL], which is the third-party authentication server URL (for example, "https://accounts.google.com/o/oauth2/v2/auth" is for Google), and the [Access Token URL], which is the third-party authentication server URL for exchanging the authorization code for an access token (for example, "https://www.oauth2.googleapis.com/token" is provided by Google). |
| Client ID | Enter the registered client ID as provided by the third-party authentication server. By default, the text is masked with asterisks; you can click  to view the entered text. |
| Client Secret | Enter the client secret as provided by the third-party authentication server. By default, the text is masked with asterisks; you can click  to view the entered text. |
| Scope | REQUIRED. OpenID Connect requests MUST contain the openid scope value (it is auto-filled in the field). Add more parameters if needed, such as National ID, email, or profile, separated by a space. OpenID Connect Clients use scope values to specify what access privileges are being requested for Access Tokens. |
| Callback URL | The URL that OAuth invokes after the authentication process is completed. OAuth redirects back to this URL and appends additional parameters to it, including an access code which will be exchanged for an id_token, access_token and refresh_token. For example, if your SigningHub site is "https://web.signinghub.com" then the Callback URL will be "https://web.signinghub.com/OIDC/CallBack". |
| Finish | Creates a new connector using the information entered on the dialog. |
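Before entering a Discovery Document URL and Scope in the dialog, the metadata the provider publishes can be checked for consistency with those values. The following is an added example, not SigningHub code: the host idp.example, the sample document and the function names are constructed for illustration, and the checks follow the OpenID Connect Discovery metadata fields.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample metadata; idp.example is a placeholder host, not a real provider.
SAMPLE_URL = "https://idp.example" + WELL_KNOWN
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/oauth2/auth",
    "token_endpoint": "https://idp.example/oauth2/token",
    "jwks_uri": "https://idp.example/oauth2/keys",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "email", "profile"],
})


def check_discovery(discovery_url, body, scope="openid"):
    """Return a list of problems; an empty list means the metadata is consistent."""
    doc = json.loads(body)
    problems = []
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"missing {key}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not an https URL")
    # OIDC Discovery: issuer plus the well-known suffix must be the URL that was fetched.
    if str(doc.get("issuer", "")).rstrip("/") + WELL_KNOWN != discovery_url:
        problems.append("issuer does not match the discovery URL")
    # The callback receives a code, so the server must support response_type=code.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    requested = scope.split()  # the Scope field is space separated
    if "openid" not in requested:
        problems.append("scope must contain openid")
    supported = doc.get("scopes_supported")  # optional in the metadata
    if supported is not None:
        problems += [f"scope {s} not advertised" for s in requested if s not in supported]
    return problems


def callback_url(site):
    """Callback URL in the form this page gives: <site>/OIDC/CallBack."""
    return site.rstrip("/") + "/OIDC/CallBack"


if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC, "openid email profile"))
    print(callback_url("https://web.signinghub.com"))
```

The value returned by callback_url is the one to register as the redirect URI with the third-party authentication server.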


