Identity provider - OpenID Connect
AVAILABLE IN 9.7.6 AND LATER
Overview
OpenID Connect is an open standard identity layer on top of the OAuth 2.0 protocol. It allows third-party applications to verify the identity of the end user and to obtain basic user profile information. The Verba system only uses the Login ID of the authenticated user.
Verba supports the Authorization Code Flow:
- The user opens the Verba web interface and types the Login ID
- The Verba web interface offers the OpenID Connect authentication
- The user chooses OpenID Connect and the browser is redirected to the Authorization Server
- The user authenticates and is redirected back to the Verba web interface with the Authorization Code
- The Verba back-end requests an ID Token using the Authorization Code at the Token Endpoint
- The Verba Web Application validates the ID Token and the user is logged into the application
Configuration
Item | Description |
---|---|
Client ID | The Verba web interface will use this Client ID to request the ID Token |
Client Secret | The Verba web interface will use this Client Secret to request the ID Token |
Authentication Request URL | The Authorization Server URL |
Authentication Request - response_type parameter | Usually should be set to "code" |
Authentication Request - scope parameter | Usually should be set to "openid" |
Authentication Request - login hint parameter name | Login Hint parameter name that will be passed to the Authorization Server (optional) |
Token Request URL | The Token Request URL |
Token Request - grant_type parameter | Usually should be set to "authorization_code" |
Token Request - Authentication | The authentication method of the Token Request (BASIC or POST body parameters) |
ID Token Attribute | Which ID Token Attribute should be used to look up the Verba user (usually "sub") |
Verify the state parameter | Should the "state" parameter be passed and verified in the response? |
Verify the nonce claim | Should the "nonce" parameter be passed and verified in the token? |
Authorization Endpoint HTTPS Certificate | Only set if the Authorization Endpoint's HTTPS Certificate is not trusted by Java running the Verba web application |
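
What the "Verify the state parameter", "Verify the nonce claim" and "ID Token Attribute" settings mean in the flow above, as an added Python sketch that is not Verba's own code. The URLs, client values, session dictionary and function names are constructed for illustration, and the ID Token claims are assumed to come from a token whose signature, issuer and expiry have already been validated.

```python
# Added example, not Verba code. URLs, client values and function names are constructed.
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://idp.example.com/authorize"  # "Authentication Request URL" (placeholder)
CLIENT_ID = "verba-web"                          # "Client ID" (placeholder)
REDIRECT_URI = "https://verba.example.com/cb"   # hypothetical callback address
ID_TOKEN_ATTRIBUTE = "sub"                       # "ID Token Attribute"

def _same(expected, returned):
    """Constant-time comparison that also fails when no value was stored."""
    return bool(expected) and hmac.compare_digest(expected.encode(), str(returned).encode())

def build_auth_request(session, login_id=None, login_hint_param="login_hint"):
    """Store a fresh state and nonce in the session and return the redirect URL."""
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    params = {"response_type": "code", "scope": "openid", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": session["state"],
              "nonce": session["nonce"]}
    if login_id:  # optional login hint, sent under the configured parameter name
        params[login_hint_param] = login_id
    return AUTH_URL + "?" + urlencode(params)

def check_callback(session, callback_url):
    """Return the Authorization Code only if the state matches this session."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("state", None)  # single use: a replayed callback fails
    if not _same(expected, query.get("state", [""])[0]):
        raise ValueError("state mismatch: response does not belong to this login attempt")
    if "code" not in query:
        raise ValueError("no authorization code in response")
    return query["code"][0]

def check_id_token_claims(session, claims):
    """claims: payload of an ID Token already checked for signature, iss and exp."""
    if not _same(session.pop("nonce", None), claims.get("nonce", "")):
        raise ValueError("nonce mismatch: ID Token was not issued for this login attempt")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("ID Token audience is not this client")
    login = claims.get(ID_TOKEN_ATTRIBUTE)
    if not login:
        raise ValueError("configured ID Token attribute is missing")
    return login  # value used to look up the local user
```

With either check disabled, the corresponding binding between the browser session and the Authorization Server response is not enforced, so both are normally left on unless the Authorization Server cannot echo the values.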