Authentication using OpenID Connect
See also: User Authentication, OpenID Connect, Application Authentication, OpenID Connect Configuration
The ability to
authenticate using OpenID
Connect is an authentication option supplied with the system. It can be used
to connect to any external OpenID Connect provider
e.g. Google Identity Platform, a remote Active Directory system using ADFS etc.
Depending on the implementation this might result in a popup window being shown
where the user can enter their user name and password. Roles and credentials
can be populated automatically from the claims returned by the provider if this
is supported by the provider system.
When the Use OpenID Connect
checkbox is checked, the connection marked as the default is used to authenticate all users when they first connect
to the system. Connection configurations can also be used for application authentication.
OpenID Connect authentication is configured on the User Authentication page of the
Server Admin App.
Prerequisites:
- An OAuth
Configuration must be configured – see Server Admin App OAuth
Configuration. The OpenID
Connect protocol is an extension of OAuth 2.0, and similarly an OpenID
Connect configuration is based on an OAuth
Configuration and provides a way of extending the OAuth
Configuration to provide more properties required for OpenID
Connect.
Connecting to ADFS
A step by step guide to
connecting to a remote Active Directory using ADFS is provided here.