OpenID Connect (OIDC) is an open authentication protocol built on top of the OAuth 2.0 framework. OIDC lets users sign in once (single sign-on, SSO) and then access multiple relying party sites by leveraging OpenID Providers (OPs). These providers, such as email services or social networks, authenticate the user's identity. The protocol passes the relevant user information, authentication context, and access to profile details to the application or service involved.


The purpose of OIDC is to let users use a single set of credentials across multiple sites. When users sign in to an application or service through OIDC, they are directed to their chosen OpenID Provider (OP). After authenticating at the OP, they are redirected back to the application or service they originally intended to access.


OIDC is a contemporary security protocol engineered to safeguard browser-based applications, APIs, and native mobile applications. It delegates user authentication to the provider that hosts the user account and lets third-party applications obtain authorised access to that account.


A connector is required in ADSS Web RA Admin to communicate with OpenID Connect (OIDC).


Create an OIDC Connector


  1. Expand External Services > Connectors from the left menu.
  2. Click  from the grid header. 
  3. A dialog will appear to add the connector details. The connector dialog consists of two screens, i.e. Basic Information and Details. Specify the basic information and click Next to provide the respective connector details. See the tables below for a description of each field.
  4. Click Create. A new connector will be saved and displayed in the list.


Basic Information

Field | Description
--- | ---
Name | Specify a unique name for this connector, e.g. OIDC Demo. This name identifies the connector when it is selected for OIDC authentication.
Provider | Select OIDC as the provider for this connector.
Active | Tick this check box to make this connector active. Inactive connectors cannot be configured in authentication profiles.



Details

Field | Description
--- | ---
Discovery Document URL | Specify the discovery document URL of the application registered in the Azure portal. Single tenant: the discovery document URL already contains the tenant ID in the organisation part of the URL. Multi-tenant: the discovery document URL does not contain the tenant ID in the organisation part; an operator must copy the tenant ID from the Azure portal application and paste it into the organisation part of the URL (see the How to Configure OIDC section of this guide).
Client ID | Specify the client ID from the Azure Active Directory application.
Client Secret | Specify the client secret that has been generated in the Azure Active Directory application.
Scope | The "openid" scope is mandatory in this field. You may also add further scopes such as email and profile.
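As an added example (not code from ADSS Web RA or this guide), the following Python checks the Details fields above against a discovery document before they are saved: it rewrites a multi-tenant discovery URL into the single-tenant form by substituting the tenant ID, confirms the document's issuer belongs to that tenant, and confirms the Scope field includes "openid". The URL layout assumes Azure AD's v2.0 endpoint (`login.microsoftonline.com/<organisation>/v2.0/...`); the tenant ID and discovery document are constructed sample values.

```python
import re
from urllib.parse import urlsplit

# Azure AD v2.0 discovery URL layout (assumption from Azure docs, not from this guide):
# https://login.microsoftonline.com/<organisation>/v2.0/.well-known/openid-configuration
PLACEHOLDERS = {"common", "organizations", "consumers"}   # multi-tenant markers
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

def organisation_segment(discovery_url):
    """First path segment: either a tenant ID (single tenant) or a placeholder."""
    segments = urlsplit(discovery_url).path.strip("/").split("/")
    return segments[0] if segments else ""

def single_tenant_url(discovery_url, tenant_id):
    """Rewrite a multi-tenant discovery URL into the single-tenant form the connector needs."""
    seg = organisation_segment(discovery_url)
    if GUID_RE.match(seg):
        return discovery_url                       # already single tenant
    if seg in PLACEHOLDERS and GUID_RE.match(tenant_id):
        return discovery_url.replace("/" + seg + "/", "/" + tenant_id + "/", 1)
    raise ValueError("cannot build single-tenant URL from %r" % discovery_url)

def check_connector(discovery_url, discovery_doc, scope):
    """Return a list of problems with the Details fields; an empty list means OK."""
    problems = []
    seg = organisation_segment(discovery_url)
    if seg in PLACEHOLDERS:
        problems.append("multi-tenant URL: replace %r with the tenant ID" % seg)
    elif seg not in discovery_doc.get("issuer", ""):
        problems.append("issuer does not belong to tenant " + seg)
    scopes = scope.split()
    if "openid" not in scopes:
        problems.append('scope must include "openid"')
    supported = set(discovery_doc.get("scopes_supported", []))
    for s in scopes:
        if s not in supported:
            problems.append("scope %r not advertised by provider" % s)
    return problems

# Constructed sample: the tenant ID and document are illustrative, not real values.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_DOC = {
    "issuer": "https://login.microsoftonline.com/" + TENANT + "/v2.0",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}
MULTI_URL = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
```

Run `check_connector(single_tenant_url(MULTI_URL, TENANT), SAMPLE_DOC, "openid email profile")` to see an empty problem list; feeding `MULTI_URL` directly reproduces the multi-tenant warning described in the table.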


See the guide on app registration for OIDC in the Azure portal for more information.