OpenID Connect on Write-Back Server
Summary
Using OpenID Connect as the authentication mechanism requires configuration on the identity provider (IdP) in addition to the settings on Write-Back.
Preparing for OpenID
Step 1: Configure IdP
To use OpenID Connect as an authentication option, the following properties must be configured on the identity provider:
- grant access to the openid and email scopes (we use the email to audit the records in the historical_audit database)
- set the token endpoint authentication method to basic
- set the callback URL to: https://yourdomain.com/twbe/openid_connect_login
We also assume that the identity provider supports:
- code, token, and id_token as response type options
- pairwise and public subject types (you can use either one with Write-Back)
- the scopes required above
Step 2: Configure Write-Back
Once the IdP is configured, you can configure OpenID SSO with Write-Back through the Write-Back Manager.
Tip
You can find the values required by the Write-Back Manager in the /.well-known/openid-configuration document, which your IdP usually exposes.
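The discovery document can also be used to check the Step 1 requirements before configuring Write-Back. The following is an added example, not part of the Write-Back product: it assumes that "basic" corresponds to the OIDC metadata value client_secret_basic, that the listed response types appear as exact entries, and it runs against a constructed sample document for a placeholder IdP (idp.example.com).

```python
import json

# Constructed sample of a /.well-known/openid-configuration document (not from a real IdP).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/token",
  "response_types_supported": ["code", "token", "id_token", "code id_token"],
  "subject_types_supported": ["public"],
  "scopes_supported": ["openid", "profile", "email"]
}
""")

REQUIRED_SCOPES = {"openid", "email"}
REQUIRED_RESPONSE_TYPES = {"code", "token", "id_token"}  # assumed to be exact entries
USABLE_SUBJECT_TYPES = {"pairwise", "public"}            # either one can be used


def check_discovery(doc):
    """Return a list of (level, message) findings; an empty list means all checks passed."""
    findings = []

    missing_rt = REQUIRED_RESPONSE_TYPES - set(doc.get("response_types_supported", []))
    if missing_rt:
        findings.append(("error", f"response types not advertised: {sorted(missing_rt)}"))

    if not USABLE_SUBJECT_TYPES & set(doc.get("subject_types_supported", [])):
        findings.append(("error", "neither pairwise nor public subject type advertised"))

    # scopes_supported is optional in OIDC Discovery; absence means unknown, not unsupported.
    scopes = doc.get("scopes_supported")
    if scopes is None:
        findings.append(("warning", "scopes_supported absent; confirm openid and email manually"))
    elif REQUIRED_SCOPES - set(scopes):
        findings.append(("error", f"scopes not advertised: {sorted(REQUIRED_SCOPES - set(scopes))}"))

    # When this field is omitted, the OIDC Discovery default is client_secret_basic.
    auth = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_basic" not in auth:
        findings.append(("error", "token endpoint does not advertise client_secret_basic"))

    return findings


if __name__ == "__main__":
    for level, message in check_discovery(SAMPLE_DISCOVERY) or [("ok", "all checks passed")]:
        print(f"{level}: {message}")
```

To check a real IdP, replace SAMPLE_DISCOVERY with the JSON fetched from its /.well-known/openid-configuration URL.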