OpenID Connect Relying Party
Configuring authentication with OIDC is done through a number of components. One of those components is the authenticator "OidcRP". This authenticator currently only supports Authorization Code Flow.
Configuring the authenticator
Before enabling the authenticator, ensure that the phenix-oidc-discovery module is enabled and that the right OIDC OP has been configured for discovery.
Name | Description | Default value | Mandatory |
---|---|---|---|
pipeID | ID of the pipe used for ID token validation. | N/A | YES |
successUrl | Where to send the user agent after successful token validation. | N/A | YES |
redirectUri | URL used when communicating with the OP. | N/A | YES |
secret | The client secret used when validating the token. | N/A | YES |
clientId | ID of the client used when communicating with the OP. | N/A | YES |
usernameAttribute | Value considered as the username in the item returned from the validation pipe. | sub | YES |
scope | The OIDC scope sent to the OP. | openid | No |
opId | Internal ID of the OP to use. | N/A | Yes |
executeUserInfoLookup | Whether to also perform a user info lookup (https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Requires the OP to expose a user_info URL in its discovery data. Response from discovery will be sent in to the pipe in parameter "user_info". | false | No |
Requirements
The pipe executed MUST respond with one item.