OpenID Connect Provider
An OpenID Connect Provider (OP) is a server that authenticates users and provides identity information to applications using the OpenID Connect protocol. It’s a service that:
- verifies who the user is (authentication),
- issues identity tokens (usually in JWT format),
- shares user information (like email, name, etc.) with trusted applications, called Relying Parties (RPs).
General parameters:
- OPENID_PROVIDER: boolean, default false; enables the OpenID Provider service.
- OPENID_PROVIDER_WITH_ENDPOINT_APPLICATION (optional): boolean, default false; makes the endpoint application reachable.
Parameters for each configured client, where n is a positive natural number:
- OPENID_PROVIDER_CLIENT_ID_n: string; identifies the OIDC client during authentication flows.
- OPENID_PROVIDER_CLIENT_SECRET_n: string; a confidential string shared between the OpenID Provider (OP) and the client application (also called the Relying Party).
- OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_n: string; a comma-separated list of the allowed redirect URIs (callback URLs) for the corresponding client.
The discovery endpoint is located at {context}/.well-known/openid-configuration; {context} depends on where the rule is applied: it can be empty or, for example, /application if /application is the configured base path.
Add the token endpoint (a built-in local service) with address 127.0.0.1, port 5555, SSL=false. The uriPath must be {context}/token (proxyUrl=/callback only if {context} is not empty).
You must also apply to the token endpoint the same rule that applies to the service.
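The following is an added example, not code from this documentation or the product it describes. It parses the numbered OPENID_PROVIDER_* variables listed above into per-client records, rejects incomplete or malformed entries at startup, and checks a redirect_uri against the client's allowed list with an exact string comparison (the comparison rule OAuth 2.0 / OIDC Core require; the page does not state how the product itself compares them). The helper names, the sample configuration values and the base URL are constructed for the example. The last two functions show how {context} shapes the discovery and token endpoint paths described above.

```python
"""Added example: load OPENID_PROVIDER_* client configuration and validate
redirect URIs. Variable names come from the documentation; the exact-match
rule is the OAuth 2.0 / OIDC Core requirement, not a documented product
behaviour. All sample values below are constructed."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Matches OPENID_PROVIDER_CLIENT_ID_n and captures n.
_CLIENT_RE = re.compile(r"^OPENID_PROVIDER_CLIENT_ID_(\d+)$")


@dataclass(frozen=True)
class Client:
    index: int
    client_id: str
    client_secret: str
    callbacks: tuple  # allowed redirect URIs, stored as exact strings


def load_clients(env):
    """Collect client n from CLIENT_ID_n / CLIENT_SECRET_n / SUPPORTED_CALLBACK_CSV_n.

    `env` is any mapping (e.g. os.environ). Fails fast on a missing secret,
    an empty callback list, a non-positive index or a callback that is not an
    absolute http(s) URL without a fragment."""
    clients = {}
    for key, client_id in env.items():
        m = _CLIENT_RE.match(key)
        if not m:
            continue
        n = int(m.group(1))
        if n < 1:  # the documentation requires a positive natural number
            raise ValueError(f"client index must be >= 1: {key}")
        secret = env.get(f"OPENID_PROVIDER_CLIENT_SECRET_{n}")
        if not secret:
            raise ValueError(f"missing OPENID_PROVIDER_CLIENT_SECRET_{n}")
        csv = env.get(f"OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_{n}", "")
        callbacks = tuple(u.strip() for u in csv.split(",") if u.strip())
        if not callbacks:
            raise ValueError(f"missing OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_{n}")
        for uri in callbacks:
            parts = urlsplit(uri)
            if parts.scheme not in ("https", "http") or not parts.netloc or parts.fragment:
                raise ValueError(f"invalid redirect URI for client {n}: {uri}")
        clients[client_id] = Client(n, client_id, secret, callbacks)
    return clients


def redirect_uri_allowed(clients, client_id, redirect_uri):
    """Exact string comparison: no prefix, wildcard or normalised matching,
    so '/callback/' or '/callback/../x' never matches '/callback'."""
    client = clients.get(client_id)
    return client is not None and redirect_uri in client.callbacks


def discovery_url(base, context=""):
    """{context}/.well-known/openid-configuration; context is '' or e.g. '/application'."""
    return f"{base}{context}/.well-known/openid-configuration"


def token_endpoint_path(context=""):
    """The uriPath of the built-in token endpoint: {context}/token."""
    return f"{context}/token"


# Constructed sample configuration (hypothetical values, not from the page).
SAMPLE_ENV = {
    "OPENID_PROVIDER": "true",
    "OPENID_PROVIDER_CLIENT_ID_1": "webapp",
    "OPENID_PROVIDER_CLIENT_SECRET_1": "example-secret-do-not-use",
    "OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_1":
        "https://app.example.com/callback, https://app.example.com/cb2",
}

if __name__ == "__main__":
    clients = load_clients(SAMPLE_ENV)
    print(redirect_uri_allowed(clients, "webapp", "https://app.example.com/callback"))
    print(redirect_uri_allowed(clients, "webapp", "https://app.example.com/callback/../admin"))
    print(discovery_url("https://idp.example.com", "/application"))
    print(token_endpoint_path("/application"))
```

Loading the configuration eagerly, before the first authorization request, turns a typo in a client index or a forgotten CALLBACK_CSV variable into a startup error instead of a client that silently accepts nothing or, worse, a misconfigured list that accepts too much.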