Versions Compared

Old Version 2

changes.mady.by.user Fenyvesi, Gabor

Saved on

compared with

New Version Current

changes.mady.by.user Fenyvesi, Gabor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Status
colourGreen
titleAvailable in 9.7.6 and later

...

OpenID Connect is an open standard identity layer on top of the OAuth 2.0 protocol, it allows third-party applications to verify the identity of the end-user and to obtain basic user profile information. The Verba system only utilizes the Login ID of the authenticated user.

Verba supports the Authorization Code Flow:

...

Configuration


Item Description
Client ID
The Verba web interface will use this Client ID to request the ID Token
Client Secret
The Verba web interface will use this Client Secret to request the ID Token
Authentication Request URL

The Authorization Server URL

Authentication Request - response_type parameterUsually should be set to "code"
Authentication Request - scope parameterUsually should be set to "openid"
Authentication Request - login hint parameter name
Login Hint parameter name that will be passed to the Authorization Server (optional)

Token Request URL

The Token Request URL

Token Request - grant_type parameterUsually should be set to "authorization_code"
Token Request - AuthenticationThe authentication method of the Token Request (BASIC or POST body parameters)
ID Token AttributeWhich ID Token Attribute should be used to look up the Verba user (usually "sub")
Verify the state parameter

Should the "state" parameter be passed and verified in the response?
All modern OpenID Connect providers should support the state parameter

Verify the nonce claim

Should the "nonce" parameter be passed and verified in the token?
All modern OpenID Connect providers should support the state parameter

Authorization Endpoint HTTPS CertificateOnly set if the Authorization Endpoint's HTTPS Certificate is not trusted by Java running the Verba web application

...