...
OIDC Identity ProviderĀ
| Excerpt |
|---|
It is possible to configureĀ configure Usage Engine to take on the role of the 'identity provider' (IdP) in the OpenID Connect Authorization Code Flow described in https://openid.net/specs/openid-connect-core-1_0.html. |
...
OIDC Client Configuration
For an OIDC client to useĀ use Usage Engine as an OIDC IdP, it needs some configuration to make it able to find and use the IdP APIs correctly. This can be done either through Endpoint Discovery or through Manually Configured Endpoints.
...
If the OIDC client supports Provider Configuration service discovery (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig), it is enough to configure the issuer URL of the Usage Engine IdP for the client to be able to find the URL of all endpoints. The URL must be reachable from the OIDC client. Refer to the client documentation for details on how to set issuer URL.
| Note | ||
|---|---|---|
| ||
The service discovery support in Usage Engine currently does not include Issuer Discovery ('/.well-known/webfinger'), only Provider Configuration Discovery ('/.well-known/openid-configuration'). |
...
The below configuration example configures a Grafana installation as OIDC client to the Usage Egnine Identity Provider available at the URL https://mediationzone.exampledomain.com. Note that this example uses manually configured endpoints and does not include the Issuer URL.
...