Single sign-on (SSO) is a way to log in only once and access different applications using the same login details. It is convenient, efficient and secure. You just need to change the password once and not have to worry about updating it across other applications.
...
| Property | Description |
|---|---|
| auth.oidc.rp.client.id | Default value "" Client ID provided by Identity Provider. If it is not present, the SSO functionality is disabled. |
| auth.oidc.rp.provider.url | Default value "" Provide the Base URL to the associated Identity Provider. Read access is required for the /.well-known/openid-configuration file to acquire the relevant Provider Configurations. |
| auth.oidc.rp.provider.name | Default value "" The name of the provider needs to be Azure if it is used and groups are returned as uids. |
| auth.oidc.rp.groupPath | Default value "roles" Path in ID Token or UserInfo object to find an array of users Access groups as defined by the Access Controller, separated with a dot (.). |
| auth.oidc.rp.auth.method | Default value "CLIENT_SECRET_BASIC" Available authentication methods are CLIENT_SECRET_BASIC and PRIVATE_KEY_JWT |
...
| Property | Description |
|---|---|
| auth.oidc.rp.client.secret | Default value "" This property sets the relevant Client Secret. Needs to be encrypted. |
You need to add the following values to the OIDC provider
...
as redirect URLs:
| Property | Description |
|---|---|
| User Interface | http(s)://<hostname>:<ui-webserver-port>/desktop/sso |
| Desktop Launcher | http(s)://<hostname>:<platform-webserver-port>/launch/api/desktop/v1/sso |
The following properties are mandatory when PRIVATE_KEY_JWT is used as an authentication method:
...