OpenID Connect Configuration - Fluid Topics - 3.7

Fluid Topics Integration Guide

Operating system: Debian
Category: Reference Guides
Audience: public
Version: 3.7

The declaration of an OpenID Connect identity provider requires three pieces of information, all given by the identity provider:

  • A client ID
  • A secret
  • A discovery URL

The client ID and secret are common to all OAuth-based realms.

The discovery URL is specific to the OpenID Connect protocol. That URL targets a readable "discovery document" in JSON format, which fully describes the identity provider.

Unlike SAML, OpenID Connect involves multiple servers in the authentication/authorization process. Listing all these servers would be cumbersome for service providers. Making this discovery document publicly available is part of the OpenID standard and eases the configuration of service providers.

To configure the OpenID Connect realm, update the tenant's oidc configuration in the conf.json configuration file.

As the antidot user, edit the following file:

/usr/local/afs7/Fluid-Topics/conf/$TENANT_ID/conf.json

The following lines show a template of an OpenID Connect realm configuration:

{
  ...
  "ui": {
    "authentication": {
      "realms": [
        {
          "name": "$NAME",
          "type": "oidc",
          "configuration": {
            "clientId": "$CLIENT_ID",
            "secret": "$CLIENT_SECRET_KEY",
            "discoveryUrl": "$IDENTITY_PROVIDER_DISCOVERY_URL"
          }
        }
      ]
    },
    ...
  }
}

Where:

  • name: expects a name for the configuration.
  • clientId: expects the client identifier given by the identity provider when creating a new project.
  • secret: expects the client secret key given by the identity provider when creating a new project.
  • discoveryUrl: expects the Identity Provider discovery URL.
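
The following Python check is an added example, not part of Fluid Topics or of this guide: it validates one "oidc" realm entry from conf.json against the discovery document its discoveryUrl returns, using the required metadata fields and the issuer-matching rule of OpenID Connect Discovery 1.0. The function name check_realm, the host idp.example and all sample values are assumptions constructed for illustration, and the discovery document is passed in already fetched so the example runs offline.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery 1.0 marks REQUIRED (token_endpoint unless implicit-only).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_realm(realm, discovery_doc):
    """Return a list of problems in one "oidc" realm and its discovery document."""
    problems = []
    conf = realm.get("configuration", {})
    for key in ("clientId", "secret", "discoveryUrl"):
        value = conf.get(key, "")
        if not value or value.startswith("$"):
            problems.append(f"{key} is missing or still a template placeholder")
    url = conf.get("discoveryUrl", "")
    if urlparse(url).scheme != "https":
        problems.append("discoveryUrl is not https")
    for field in REQUIRED:
        if field not in discovery_doc:
            problems.append(f"discovery document lacks {field}")
    # issuer + well-known suffix must equal the URL the document was fetched from.
    issuer = discovery_doc.get("issuer", "")
    if issuer.rstrip("/") + WELL_KNOWN != url:
        problems.append("issuer does not match discoveryUrl")
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if field in discovery_doc and urlparse(discovery_doc[field]).scheme != "https":
            problems.append(f"{field} is not https")
    return problems

# Constructed sample data; idp.example is a placeholder host.
REALM = {"name": "corp", "type": "oidc", "configuration": {
    "clientId": "ft-portal", "secret": "constructed-secret",
    "discoveryUrl": "https://idp.example" + WELL_KNOWN}}
GOOD_DOC = {
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
    "jwks_uri": "https://idp.example/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"]}
BAD_DOC = dict(GOOD_DOC, issuer="https://other.example",
               token_endpoint="http://idp.example/token")

if __name__ == "__main__":
    for doc in (GOOD_DOC, BAD_DOC):
        print(check_realm(REALM, doc))
```

An empty list means the realm entry and the discovery document are consistent; any entry in the list is worth resolving before the realm is enabled for the tenant.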