Single sign-on (SSO) is a way to log in only once and access different applications using the same login details. It is convenient, efficient, and secure. You only need to change the password once and do not have to worry about updating it across other applications.
...
Property | Description |
---|---|
auth.oidc.rp.client.id | Default value: "". Client ID provided by the Identity Provider. If it is not present, the SSO functionality is disabled. |
auth.oidc.rp.provider.url | Default value: "". The Base URL of the associated Identity Provider. This URL, concatenated with `/.well-known/openid-configuration`, must retrieve the OpenID Provider's configuration as per the OpenID Connect Discovery specification. |
auth.oidc.rp.provider.name | Default value: "". The name of the provider. It needs to be Azure if Azure is used and groups are returned as uids. |
auth.oidc.rp.groupPath | Default value: "roles". Path in the ID Token or UserInfo object to an array of the user's Access groups as defined by the Access Controller. Path segments are separated with a dot (.). |
auth.oidc.rp.auth.method | Default value: "CLIENT_SECRET_BASIC". Available authentication methods are CLIENT_SECRET_BASIC and PRIVATE_KEY_JWT. |
...
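
The dot-separated lookup that `auth.oidc.rp.groupPath` describes can be illustrated as follows. This is an added example, not the product's own code: the function name `resolve_groups`, the fail-closed handling of malformed values, and all sample claims are assumptions made for illustration.

```python
from __future__ import annotations

from typing import Any


def resolve_groups(claims: dict[str, Any], group_path: str = "roles") -> list[str]:
    """Walk a dot-separated path through the claims and return the group array.

    Fails closed (an assumption of this sketch): a missing segment, a value
    that is not an array, or an array with non-string entries yields no
    groups at all instead of a partial or guessed result.
    """
    node: Any = claims
    for segment in group_path.split("."):
        if not isinstance(node, dict) or segment not in node:
            return []
        node = node[segment]
    if not isinstance(node, list) or not all(isinstance(g, str) for g in node):
        return []
    return node


# Constructed sample claims (not taken from any real Identity Provider).
FLAT_CLAIMS = {"sub": "alice", "roles": ["operators", "auditors"]}
NESTED_CLAIMS = {"sub": "bob", "realm_access": {"roles": ["admins"]}}
STRING_CLAIMS = {"sub": "carol", "roles": "admins"}  # a string, not an array

if __name__ == "__main__":
    # Default path "roles" matches a top-level array.
    print(resolve_groups(FLAT_CLAIMS))
    # A nested array needs the full dotted path.
    print(resolve_groups(NESTED_CLAIMS, "realm_access.roles"))
    # The default path does not exist in the nested layout: no groups.
    print(resolve_groups(NESTED_CLAIMS))
    # A single string where an array is expected is rejected.
    print(resolve_groups(STRING_CLAIMS))
```

A path that does not match the layout of the token results in a login with no groups, so check the configured path against a decoded ID Token or UserInfo response from the Identity Provider.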
Note |
---|
Azure as Identity Provider: When Azure is used as an ID provider, be sure to set the property auth.oidc.rp.provider.name to Azure to be able to fetch the groups. The groups are then fetched from the Microsoft Graph REST API: a request to the Users endpoint is performed to get the group membership. Make sure to add the API Permission GroupMember.Read.All in Azure. |
...