Versions Compared

Old Version 4

changes.mady.by.user Henrik Pålsson

Saved on

compared with

New Version Current

changes.mady.by.user Henrik Pålsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Single sign-on (SSO) is a way to log in only once and access different applications using the same login details. It is convenient, efficient and secure. You just need to change the password once and not have to worry about updating it across other applications. 

...

Property

Description

auth.oidc.rp.client.id

Default value ""

Client ID provided by Identity Provider. If it is not present, the SSO functionality is disabled.

auth.oidc.rp.provider.url

Default value ""

Provide the Base URL to the associated Identity Provider. Read access is required for the /.well-known/openid-configuration file to acquire the relevant Provider Configurations.
Example: https://login.microsoftonline.com/<tenant_ID>/v2.0

auth.oidc.rp.provider.name

Default value ""

The name of the provider needs to be Azure if it is used and groups are returned as uids.

auth.oidc.rp.groupPath

Default value "roles"

Path in ID Token or UserInfo object to find an array of users Access groups as defined by the Access Controller, separated with a dot (.).
The groups should be an array of Strings.
Example:
Here the groups array is inside and object.
{ myObject : { myGroups : [ "myGroup1", "mygroup2" ] } }
The path should then be:
groupPath: myObject.myGroups
When the group's array is direct under UserInfo then groupPath is just the name of the group's array.

auth.oidc.rp.auth.method

Default value "CLIENT_SECRET_BASIC"

Available authentication methods are CLIENT_SECRET_BASIC and PRIVATE_KEY_JWT

...

Note

Azure as Identity Provider

When Azure is used as an ID provider, be sure to set the property auth.oidc.rp.provider.name to Azure to be able to fetch the groups. The reason for this is that Azure is sending a list of group ids, but the system needs the Access group name. When ID Provider is Azure it uses the group id to fetch the group name from the Azure Graph API endpoint, currently using v1Then the groups are fetched from Microsoft Graph REST API. A request to Users endpoint to get the group membership is performed. Make sure to add API Permission GroupMember.Read.All in Azure.

Private Key Authentication

...