OpenID Connect Provider
An OpenID Connect Provider (OP) is a server that authenticates users and provides identity information to applications using the OpenID Connect protocol. It’s a service that:
- verifies who the user is (authentication),
- issues identity tokens (usually in JWT format),
- shares user information (like email, name, etc.) with trusted applications, called Relying Parties (RPs).
General parameters:
- OPENID_PROVIDER (boolean, default false): enables the OpenID Provider service.
- OPENID_PROVIDER_WITH_ENDPOINT_APPLICATION (boolean, default false, optional): makes the endpoint application reachable.
Per-client parameters, where n is a positive integer identifying the client:
- OPENID_PROVIDER_CLIENT_ID_n (string): identifies the OIDC client during authentication flows.
- OPENID_PROVIDER_CLIENT_SECRET_n (string): a confidential string shared between the OpenID Provider (OP) and the client application (also called the Relying Party).
- OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_n (string): a comma-separated list of the redirect URIs (callback URLs) allowed for the corresponding client.
The discovery endpoint is located at {context}/.well-known/openid-configuration; {context} can vary depending on where the rule is applied: it can be empty or, for example, /application if /application is the configured base path.
Add the token endpoint (it is a built-in local service) with address 127.0.0.1, port 5555, SSL=false. The uriPath must be {context}/token (set proxyUrl=/callback only if {context} is not empty).
You must also apply the same rule that applies to the service.
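The following is an added example, not part of the original page or of the product's own code, showing how the numbered client parameters above can be loaded into a client registry and how a redirect_uri presented at authorization time should be checked against OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_n (exact string match against the registered list, which is what OAuth 2.0 and OpenID Connect require; prefix or wildcard matching lets an attacker steer codes to a host that merely starts with the registered value). It also derives the discovery and token paths for a given {context} as described in the last two paragraphs. The sample environment values are constructed; the helper names (load_clients, redirect_uri_allowed, endpoint_paths) and the whitespace-trimming of CSV entries are assumptions of this example.

```python
import re

# Constructed sample environment (not taken from the page): one OP, two clients.
SAMPLE_ENV = {
    "OPENID_PROVIDER": "true",
    "OPENID_PROVIDER_WITH_ENDPOINT_APPLICATION": "false",
    "OPENID_PROVIDER_CLIENT_ID_1": "webapp",
    "OPENID_PROVIDER_CLIENT_SECRET_1": "secret-placeholder-1",
    "OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_1":
        "https://app.example.com/callback, https://app.example.com/cb2",
    "OPENID_PROVIDER_CLIENT_ID_2": "mobile",
    "OPENID_PROVIDER_CLIENT_SECRET_2": "secret-placeholder-2",
    "OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_2": "com.example.app:/oauth",
}

_CLIENT_ID_RE = re.compile(r"^OPENID_PROVIDER_CLIENT_ID_(\d+)$")


def parse_bool(value, default=False):
    """Interpret a boolean parameter; unset values fall back to the documented default."""
    if value is None:
        return default
    return value.strip().lower() in ("1", "true", "yes", "on")


def load_clients(env):
    """Build {client_id: {"secret": str, "callbacks": [str]}} from the *_n parameters.

    Returns an empty registry when OPENID_PROVIDER is not enabled. A client with a
    missing secret or an empty callback list is a misconfiguration and is rejected
    rather than silently accepted.
    """
    if not parse_bool(env.get("OPENID_PROVIDER")):
        return {}
    clients = {}
    for key, client_id in env.items():
        match = _CLIENT_ID_RE.match(key)
        if not match:
            continue
        n = match.group(1)
        secret = env.get(f"OPENID_PROVIDER_CLIENT_SECRET_{n}")
        if not secret:
            raise ValueError(f"client {n}: OPENID_PROVIDER_CLIENT_SECRET_{n} is missing")
        csv = env.get(f"OPENID_PROVIDER_SUPPORTED_CALLBACK_CSV_{n}", "")
        # Assumption: surrounding whitespace in CSV entries is not significant.
        callbacks = [u.strip() for u in csv.split(",") if u.strip()]
        if not callbacks:
            raise ValueError(f"client {n}: no allowed redirect URIs configured")
        if client_id in clients:
            raise ValueError(f"duplicate client id {client_id!r}")
        clients[client_id] = {"secret": secret, "callbacks": callbacks}
    return clients


def redirect_uri_allowed(clients, client_id, redirect_uri):
    """Exact-match check of a presented redirect_uri against the client's registered list.

    No normalisation, prefix or wildcard logic: a trailing slash, a different path,
    or a host that only starts with the registered one must all be rejected.
    """
    client = clients.get(client_id)
    if client is None:
        return False
    return redirect_uri in client["callbacks"]


def endpoint_paths(context=""):
    """Derive the paths from the page's rules for a given {context}.

    Discovery lives at {context}/.well-known/openid-configuration, the token
    endpoint at {context}/token, and proxyUrl=/callback applies only when
    {context} is not empty.
    """
    context = context.rstrip("/")
    if context and not context.startswith("/"):
        raise ValueError("context must start with '/' when it is not empty")
    return {
        "discovery": f"{context}/.well-known/openid-configuration",
        "token": f"{context}/token",
        "proxy_url": "/callback" if context else None,
    }


if __name__ == "__main__":
    registry = load_clients(SAMPLE_ENV)
    for cid, entry in registry.items():
        print(cid, "->", entry["callbacks"])
    print(redirect_uri_allowed(registry, "webapp", "https://app.example.com/callback"))
    print(redirect_uri_allowed(registry, "webapp", "https://app.example.com/callback/"))
    print(endpoint_paths("/application"))
```

Running the block with the constructed environment prints the two clients, True for the registered callback, False for the same URL with a trailing slash, and the /application-prefixed discovery and token paths with proxy_url set to /callback.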