Solved

IAM as OpenID provider

  • 1 December 2020
  • 2 replies
  • 131 views

Userlevel 5
Badge +15

When I log in to the Community, the same credentials are used as when I log on to TCP. The same goes for the e-Learning environment. This is done using OpenID / Single Sign On.

https://docs.thinkwisesoftware.com/docs/iam/openid.html#docsNav

The documentation is a bit short about this subject. Is it possible, and how should it be configured in IAM?

I would like to place our documentation behind a login page using the same credentials needed for the webgui.


Best answer by Anne Buit 1 December 2020, 12:15



2 replies

Userlevel 7
Badge +5

To enable OpenID SSO, the client application needs to support this.

In your case, your documentation website is the client. That means that the documentation website needs to support OpenID Connect as an authentication mechanism.

Configuring OpenID in IAM and in the client application go hand in hand. Various settings are determined in IAM and provided to the client application, and some URLs provided by the client application are subsequently registered in IAM.

A brief overview:

The ID of the client is determined in IAM and should be provided to the client so they can save it in their OpenID configuration.

The client application will need to provide redirect URLs where the user should be navigated after login and logout. This is then configured in IAM.

A secret is registered in IAM and must also be provided to the client application so they can save it in their OpenID configuration. The value of the secret is arbitrary and may be determined by an administrator.

There are various other settings about sharing the user profile and additional custom information (custom claims and resources) that can be shared with the client. These are all configured in IAM. Naturally, the client must be configured to receive and understand this information. You can configure IAM to require the user to provide consent to share all of this information with the client application.
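An added example, not part of the original answer and not Thinkwise code: how a client such as the documentation site would use the three values exchanged with IAM (client ID, redirect URL, secret), assuming the standard OpenID Connect authorization code flow. The endpoint URL, client ID, secret, `session` dict and function names are hypothetical placeholders.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

# Constructed placeholder values; real ones are exchanged with the IAM administrator.
CLIENT_ID = "docs-site"                                 # ID determined in IAM
CLIENT_SECRET = "replace-with-secret-from-IAM"          # secret registered in IAM
REDIRECT_URI = "https://docs.example.com/signin-oidc"   # login redirect URL registered in IAM
AUTHORIZE_ENDPOINT = "https://iam.example.com/connect/authorize"  # assumed; take it from the provider's discovery document

def begin_login(session):
    """Return the URL to send the browser to; stores state and nonce in the session."""
    session["state"] = secrets.token_urlsafe(32)  # ties the callback to this browser session
    session["nonce"] = secrets.token_urlsafe(32)  # must later match the nonce claim in the ID token
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must exactly match what is registered in IAM
        "scope": "openid profile",
        "state": session["state"],
        "nonce": session["nonce"],
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"

def handle_callback(session, callback_url):
    """Validate the redirect back from the provider and build the token request."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"provider returned error: {params['error'][0]}")
    expected = session.pop("state", None)  # single use: a replayed callback fails
    returned = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback does not belong to this login attempt")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    # The secret authenticates the client to the token endpoint (HTTP Basic).
    creds = f"{quote(CLIENT_ID, safe='')}:{quote(CLIENT_SECRET, safe='')}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,  # same value as sent in begin_login
    })
    return headers, body
```

The returned headers and body are what the client POSTs to the provider's token endpoint; the ID token that comes back still needs its signature, issuer, audience and nonce checked before the user is treated as logged in.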

Userlevel 5
Badge +15

Thanks for the answer, we'll have a look at it if we’re able to find a suitable client.