OpenID Connect on Write-Back Server

Summary

To use OpenID Connect as the authentication mechanism, you need to configure some settings on the identity provider (IdP) in addition to the settings on Write-Back.

Preparing for OpenID 

Step 1: Configure IdP

To use OpenID Connect as an authentication option, the following properties must be configured on the identity provider:

  • access is granted to the openid and email scopes (we use the email to audit the records in the historical_audit database)
  • the token endpoint authentication method is set to basic
  • the callback URL is: https://yourdomain.com/twbe/openid_connect_login

We are also assuming that the identity provider is configured for:

  • support for code, token, and id_token as response type options
  • support for pairwise and public subject types (you can choose any to use with Write-Back)
  • support for the scopes required above

Step 2: Configure Write-Back

Once the IdP is configured, you can set up OpenID SSO with Write-Back through the Write-Back Manager.


Tip

You can find the information about the properties required by the Write-Back Manager in the /.well-known/openid-configuration document, which your IdP usually exposes.
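
One way to check that discovery document against the Step 1 requirements before entering values in the Manager. This is an added example, not Write-Back code. It assumes that "basic" corresponds to the standard client_secret_basic method, that either subject type is sufficient, and it runs on a constructed sample document instead of fetching one from a real IdP.

```python
import json

# Constructed sample discovery document (idp.example.com is a placeholder).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com",
  "scopes_supported": ["openid", "email", "profile"],
  "response_types_supported": ["code", "id_token", "token id_token"],
  "subject_types_supported": ["public", "pairwise"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")


def check_discovery(doc):
    """Return a list of mismatches against the Step 1 requirements (empty = OK)."""
    problems = []

    # Scopes: openid and email. scopes_supported is optional metadata, so
    # its absence means "verify by hand", not "unsupported".
    scopes = doc.get("scopes_supported")
    if scopes is None:
        problems.append("scopes_supported not advertised; verify openid and email manually")
    else:
        problems += [f"scope not advertised: {s}" for s in ("openid", "email") if s not in scopes]

    # Response types: entries can be space-separated combinations such as
    # "token id_token", so split them before looking for each option.
    advertised = {p for rt in doc.get("response_types_supported", []) for p in rt.split()}
    problems += [f"response type not advertised: {rt}"
                 for rt in ("code", "token", "id_token") if rt not in advertised]

    # Subject types: Write-Back can use either, so one of the two is enough here.
    if not {"pairwise", "public"} & set(doc.get("subject_types_supported", [])):
        problems.append("neither pairwise nor public subject type advertised")

    # Token endpoint auth: assumes the page's "basic" is client_secret_basic,
    # which is also the default when the IdP omits this field.
    methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_basic" not in methods:
        problems.append("client_secret_basic not advertised for the token endpoint")

    return problems


if __name__ == "__main__":
    for line in check_discovery(SAMPLE_DISCOVERY) or ["IdP metadata matches Step 1"]:
        print(line)
```

To run it against your own IdP, save the JSON returned by /.well-known/openid-configuration and pass the parsed document to check_discovery.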