Skip to content

octoplant and OIDC

octoplant without OAuth

Configuration without external token handling and ID provider:

  • The octoplant server and the client can communicate using the IP address or computer name (FQDN1)
  • No additional handling of external certificates or tokens is required
  • If a CSC Gateway is required (for example, when using separated networks), this could be configured without additional external effort

Figure: octoplant without OAuth

octoplant with OAuth

Integration of ID provider including token handling:

  • The octoplant server and the client can only communicate with their FQDN, as the FQDN of the server system is contained in the certificate or token required for OAuth.

  • Key changes when using OAuth:

    • A certificate is generated and implemented on the octoplant server.
    • The communication to the global DNS server is required. DNS servers are normally configured for octoplant automatically by the octoplant server operating system.
    • A connection to an ID provider required.
    • It may be necessary to update the login configuration on the client system.

Figure: octoplant with OAuth

octoplant with OAuth and CSC-Gateway

Integration of ID provider including token handling:

  • The octoplant server and the client can only communicate with their FQDN, as the FQDN of the server system is contained in the certificate or token required for OAuth.

  • Key changes when using OAuth and separated networks:

    • A certificate is generated and implemented on the octoplant server.
    • The communication to the global DNS server is required. DNS servers are normally configured for octoplant automatically by the octoplant server operating system.
    • An additional DNS server in separated network and adjustment of matching table required
    • A connection to an ID provider required.
    • It may be necessary to update the login configuration on the client system.

Figure: octoplant with OAuth and CSC