AVAILABLE IN 9.7.6 AND LATER
Overview
OpenID Connect is an open standard identity layer on top of the OAuth 2.0 protocol. It allows third-party applications to verify the identity of the end user and to obtain basic user profile information. The Verba system only utilizes the Login ID of the authenticated user.
Verba supports the Authorization Code Flow:
- The user opens the Verba web interface and types the Login ID
- The Verba web interface offers the OpenID Connect authentication
- The user chooses OpenID Connect and the browser is redirected to the Authorization Server
- The user authenticates and is redirected back to the Verba web interface with the Authorization Code
- The Verba back-end requests an ID Token using the Authorization Code at the Token Endpoint
- The Verba Web Application validates the ID Token and the user is logged into the application
Configuration
Item | Description |
---|---|
Verba User Attribute | The user attribute used for matching the user |
Verba User Attribute Matching | Defines the matching for the user attribute |
Request Header | The token can be sent either by a request header or an HTTP parameter |
Request Header prefix | The authorization scheme. This prefix will be removed by the Verba server from the request header value |
Request parameter | The token can be sent either by a request header or an HTTP parameter. This configuration specifies the HTTP request parameter that will contain the token |
Audience Regex | Optional. If defined, the system will disregard tokens whose "aud" attribute does not match |
Expiration Timezone | The timezone for the token expiration |
Prevent Token Reuse | Checking prevents reuse of the token |
Mandatory Token Fields | Defines mandatory token fields. Tokens that do not contain the fields marked as mandatory will be discarded |
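
The claim checks that the settings above describe, sketched in Python as an added example (this is not Verba's own code). The setting names and values are constructed, the token signature is assumed to have been verified already, and tracking reuse by the "jti" claim and requiring a full-string regex match on "aud" are assumptions.

```python
import re
import time

# Hypothetical settings mirroring the table's items; names and values are constructed.
CONFIG = {
    "header_prefix": "Bearer ",
    "audience_regex": r"verba-(web|api)",
    "mandatory_fields": ["sub", "exp", "aud", "jti"],
    "prevent_reuse": True,
}

def strip_prefix(header_value, prefix):
    """Cut the authorization scheme from the header value; None if it is absent."""
    if not header_value.startswith(prefix):
        return None
    return header_value[len(prefix):].strip() or None

def check_claims(claims, cfg, seen_jti, now=None):
    """Return 'ok' or the reason the token is discarded.

    `claims` must come from a token whose signature was already verified.
    """
    now = time.time() if now is None else now
    missing = [f for f in cfg["mandatory_fields"] if f not in claims]
    if missing:
        return "missing field: " + ",".join(missing)
    # "aud" may be a single string or a list of strings.
    aud = claims.get("aud", [])
    auds = [aud] if isinstance(aud, str) else list(aud)
    pattern = cfg.get("audience_regex")
    # Assumption: the whole value must match (fullmatch), not just a substring.
    if pattern and not any(isinstance(a, str) and re.fullmatch(pattern, a) for a in auds):
        return "audience mismatch"
    # "exp" is seconds since the epoch (JWT NumericDate); a non-numeric value is rejected.
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or now >= exp):
        return "expired"
    # Assumption: reuse is tracked by the "jti" claim in an in-memory set.
    if cfg.get("prevent_reuse"):
        jti = claims.get("jti")
        if jti is None or jti in seen_jti:
            return "reused or untrackable token"
        seen_jti.add(jti)  # recorded only after every other check has passed
    return "ok"
```

In a multi-node deployment the set of seen identifiers would need shared storage with entries expiring no earlier than the token's "exp".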