OIDC module

Acts as an OpenID Connect Provider.

On this page, you can manage the Back-Channel Endpoints. The configuration of the Authorization Endpoint depends on the selected OIDC flow type:

For Authorization Code Flow, click LINK.
For Implicit Flow, click LINK.

Introduction

Can be configured in multiple instances allowing for multi tenancy.

Acts as an OpenID Connect provider. It acts as a controller mainly for issuing Json Web Tokens (JWT). Typically the configured authenticator is the first point of contact coming from an OpenID Connect Relying Party, requesting identification.

Fortified Integrity have achieved certifications for five OpenID Provider conformance profiles. Read more about these profiles here: https://openid.net/certification/

OpenID Connect Provider Configuration

Module name: OIDCModule

{
      "name": "OIDCModule",
      "enabled": true,
      "config":{
        "providers":[
            {
              "http_context" : "/oidc",
              "http_port" : 8080,
              "discovery_meta" : {
                  "issuer" : "http://192.168.50.228:8080/oidc/tenant1",
                  "authorization_endpoint" : "http://192.168.50.228:8080/test/authn/oidc",
                  "token_endpoint" : "http://192.168.50.228:8080/oidc/tenant1/token-endpoint",
                  "userinfo_endpoint" : "http://192.168.50.228:8080/oidc/tenant1/userinfo-endpoint",
                  "introspection_endpoint" : "http://192.168.50.228:8080/oidc/tenant1/introspection-endpoint",
                  "jwks_uri" : "http://192.168.50.228:8080/oidc/tenant1/.well-known/openid-configuration/jwks",
                  "end_session_endpoint" : "http://192.168.50.228:8080/test/authn/oidc/logout",
                  "scopes_supported" : [ "openid" ],
                  "response_types_supported" : [ "code" ],
                  "grant_types_supported" : [ "authorization_code" ],
                  "subject_types_supported" : [ "public" ],
                  "id_token_signing_alg_values_supported" : [ "RS256" ],
                  "token_endpoint_auth_methods_supported" : [ "client_secret_post", "client_secret_basic" ],
                  "claims_supported" : [ "iss", "ver", "sub", "given_name", "family_name" ],
                  "request_parameter_supported" : true
              },
              "tenant_op_path" : "/tenant1",
              "keystore" : {
                    "path" : "/fortified_test/keystore.p12",
                    "password" : "secret",
                    "type" : "PKCS12"
              },
              "sign_jwt_keystore_password" : "secret",
              "sign_jwt_keystore_alias" : "jwt",
              "rps" : [{
                    "client_id" : "provided",
                    "client_secret" : "provided",
                    "pipe_id":"optional_pipe_id",
                    "redirect_uri" : [ "https://auth.organisation.com/authenticate/oidcrp" ],
                    "post_logout_redirect_uris" : ["https://auth.organisation.com/authenticate/oidcrp/loggedout"]
              }]
        }]
      }
}

PreviousOIDC NextOpenID Configuration endpoint