Configuring Settings
To configure the settings for an OIDC-OAuth2 configuration, proceed as follows:
- Open the AdminClient.
- Select User management.
- Select the Synchronization tab.
- Select the OIDC binding Configuration button from the toolbar:
  - If there are no binding configurations defined, the OIDC binding New Configuration dialog appears.
    - Enter a valid name for the new configuration and select the Add button. The OIDC binding Edit Configuration dialog appears. You can change the display name of a configuration at any time.
  - If at least one configuration exists, the OIDC binding Edit Configuration dialog appears first, with the configurations listed on the left side.
    - Select the configuration you wish to edit, or create a new configuration.
    - Selecting the New button in the upper-left will open a new OIDC binding New Configuration dialog as above.
- Edit the fields according to the descriptions below.
- Select the Save button to save the visible configuration.
- To discard unsaved changes to the visible configuration, select the Reset button. A confirmation dialog appears. Select the Yes button to undo any changes that have not been saved.
- Select the OK button to exit the dialog.
  - If there are unsaved changes to any configuration, selecting the OK button will display a dialog. Select the Save All button to save all changes and exit the OIDC binding Edit Configuration dialog, or the Discard button to cancel saving and exit the OIDC binding Edit Configuration dialog.
  - Similarly, selecting the Cancel button on the OIDC binding Edit Configuration dialog will discard all changes to all configurations.
  - Any configurations with unsaved changes will be marked with an asterisk in the list of configurations on the left.

Field Descriptions
The following is a listing of the fields and their descriptions:
Field Title | Description |
---|---|
Display name: | Name used to describe this configuration. Displayed in the left list of configurations. |
Client id: * | Client identifier as configured in the OpenID Connect service provider. This is a required field. |
Client secret: | Client secret as configured in the OpenID Connect service provider. |
Icon: | Icon to show on the client login screen |
Discovery url: | If this field is non-blank and set to <issuer_url>/.well-known/openid-configuration, the provider is set up automatically. No other URLs are required for this configuration. |
User info url: | URL to the endpoint that provides the user information. |
Issuer url: | URL that points to the OpenID Connect provider (for example, https://example.com/auth/realms/your-realm). |
Auth url: | URL to the endpoint that authorizes the end user. |
Token url: | URL to the endpoint that provides an Access Token. |
JWKS url: | URL to the endpoint where the Token signer publishes its keys. |
Use PKCE | Check to enable Proof Key for Code Exchange. |
Scopes: | Comma-separated list of scopes to request. |
Redirect url: | octoplant URL to redirect the user after successful login. This field appears at the bottom of the OIDC binding Edit Configuration dialog when an existing configuration is edited. It includes a copy button to the right of the field. |
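
Before relying on the Discovery url to populate the other URL fields, it is worth checking what the provider's discovery document would put into them. The following Python function is an added example, not octoplant code: it maps a discovery document (assumed to have been downloaded separately) to the dialog fields above and lists findings. The name `check_discovery` and both sample documents are constructed for illustration; the metadata keys are those defined by OpenID Connect Discovery 1.0 and RFC 8414.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Dialog field -> metadata key from OpenID Connect Discovery 1.0
FIELDS = {"Issuer url": "issuer", "Auth url": "authorization_endpoint",
          "Token url": "token_endpoint", "User info url": "userinfo_endpoint",
          "JWKS url": "jwks_uri"}

def check_discovery(discovery_url, document, scopes, use_pkce):
    """Map a discovery document to the dialog fields and list findings."""
    meta = json.loads(document)
    fields = {name: meta.get(key, "") for name, key in FIELDS.items()}
    findings = []
    for name, url in fields.items():
        if not url:
            findings.append(f"{name}: missing from discovery document")
        elif urlsplit(url).scheme != "https":
            findings.append(f"{name}: not https")
    # The issuer must equal the discovery URL minus the well-known suffix.
    if not discovery_url.endswith(WELL_KNOWN):
        findings.append("Discovery url: unexpected path")
    elif fields["Issuer url"].rstrip("/") != discovery_url[:-len(WELL_KNOWN)].rstrip("/"):
        findings.append("Issuer url: does not match Discovery url")
    # The Scopes field is a comma-separated list; OIDC requires 'openid'.
    requested = [s.strip() for s in scopes.split(",") if s.strip()]
    if "openid" not in requested:
        findings.append("Scopes: 'openid' is missing")
    if use_pkce and "S256" not in meta.get("code_challenge_methods_supported", []):
        findings.append("Use PKCE: provider does not advertise S256")
    return fields, findings

# Constructed sample documents (not taken from a real provider).
BASE = "https://example.com/auth/realms/your-realm"
GOOD = json.dumps({
    "issuer": BASE, "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token", "userinfo_endpoint": BASE + "/userinfo",
    "jwks_uri": BASE + "/certs",
    "code_challenge_methods_supported": ["plain", "S256"]})
BAD = json.dumps({
    "issuer": "https://other.example.net",
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": "http://example.com/token", "jwks_uri": BASE + "/certs"})

if __name__ == "__main__":
    for doc in (GOOD, BAD):
        fields, findings = check_discovery(BASE + WELL_KNOWN, doc, "openid, profile", True)
        print(fields["Token url"], findings or "ok")
```

A provider that omits `code_challenge_methods_supported` may still accept PKCE, so that finding means "not advertised" rather than "not supported".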