Versions Compared

Old Version 8

changes.mady.by.user Sandra Dusic

Saved on

compared with

New Version 9

changes.mady.by.user Felicity Borrelli

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Single sign-on (SSO) is a way to log in only once and access different applications using the same login details. It is convenient, efficient, and secure. You just need to change the password once and not have to worry about updating it across other applications. 

...

Property

Description

auth.oidc.rp.client.id

Default value ""

Client ID provided by Identity Provider. If it is not present, the SSO functionality is disabled.

auth.oidc.rp.provider.url

Default value ""

Provide the Base URL to the associated Identity Provider. This URL, concatenated with `/.well-known/openid-configuration`, must retrieve the OpenID Provider's configuration as per the OpenID Connect Discovery specification.

Example: https://login.microsoftonline.com/<tenant_ID>/v2.0

auth.oidc.rp.provider.name

Default value ""

The name of the provider needs to be Azure if it is used and groups are returned as uids.

auth.oidc.rp.groupPath

Default value "roles"

Path in ID Token or UserInfo object to find an array of users Access groups as defined by the Access Controller, separated with a dot (.).
The groups should be an array of Strings.
Example:
Here the groups array is inside and object.
{ myObject : { myGroups : [ "myGroup1", "mygroup2" ] } }
The path should then be:
groupPath: myObject.myGroups
When the group's array is direct under UserInfo then groupPath is just the name of the group's array.

auth.oidc.rp.auth.method

Default value "CLIENT_SECRET_BASIC"

Available authentication methods are CLIENT_SECRET_BASIC and PRIVATE_KEY_JWT

...

Note

Azure as Identity Provider

When Azure is used as an ID provider, be sure to set the property auth.oidc.rp.provider.name name to Azure to be able to fetch the groups. Then the groups are fetched from Microsoft Graph REST API. A request to Users endpoint to get the group membership is performed. Make sure to add API Permission GroupMember.Read.All in Azure.

...