OIDC Authentication
OpenID Connect (OIDC) authentication can be used to provide User authentication for the 1Integrate UI.
Note: Currently, only the Keycloak OIDC provider is supported.
Warning: The REST API will still use the standard fixed user list or LDAP authentication.
Key information:
- Only one OIDC provider can be configured at a time.
- Access groups will not work when OIDC authentication is enabled.
- Only the Keycloak OIDC provider is supported.
- Whilst enabled, OIDC will be the only method available for accessing the 1Integrate UI.
Configuring OIDC
The following steps will need to be followed for OIDC to work.
- Configure your OIDC provider.
  Note: The role names on the Configuring Users and Permissions page will need mapping to those within your OIDC provider.
- Next, add INTEGRATE_OIDC_ENABLED=true as either an environment variable (to persist between installations) or in the start-Interface.cmd (Windows) / start-Interface.sh (Linux) start-up scripts.
- Ensure you have set the authentication.oidc.provider_url (this is the minimum required setting) in the settings.properties file. For further details on other parameters, see the table below.
- Users will now be able to log in using OIDC authentication, after which they can use 1Integrate.
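A pre-flight check for the steps above, as an added example that is not part of the 1Integrate documentation or product. It assumes authentication.oidc.provider_url holds the Keycloak realm issuer URL and that the operator has separately fetched the provider's discovery document; the helper names, sample host and realm are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_ENV = {"INTEGRATE_OIDC_ENABLED": "true"}
SAMPLE_SETTINGS = """\
# settings.properties (constructed)
authentication.oidc.provider_url=http://keycloak.example.com/realms/integrate
"""

def parse_properties(text):
    """Read simple key=value / key:value lines, skipping # and ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def discovery_url(provider_url):
    """Standard OIDC discovery location for an issuer URL."""
    return provider_url.rstrip("/") + "/.well-known/openid-configuration"

def preflight(env, settings_text, discovery=None):
    """Return a list of findings; an empty list means every check passed."""
    # Lenient on case and whitespace; the documented value is exactly "true".
    if env.get("INTEGRATE_OIDC_ENABLED", "").strip().lower() != "true":
        return ["INTEGRATE_OIDC_ENABLED is not true: OIDC login is not enabled"]
    url = parse_properties(settings_text).get("authentication.oidc.provider_url", "")
    parsed = urlparse(url)
    if not parsed.scheme or not parsed.netloc:
        return ["authentication.oidc.provider_url is missing or not an absolute URL"]
    findings = []
    if parsed.scheme != "https":
        findings.append("provider_url is not HTTPS: traffic to the provider is unencrypted")
    # Assumption: provider_url is the issuer URL, so discovery must echo it back.
    if discovery is not None and discovery.get("issuer", "").rstrip("/") != url.rstrip("/"):
        findings.append("discovery issuer does not match provider_url")
    return findings

if __name__ == "__main__":
    for finding in preflight(SAMPLE_ENV, SAMPLE_SETTINGS) or ["OK"]:
        print(finding)
```

Run against the constructed sample, it reports the plain-HTTP provider URL; pass the parsed JSON from the discovery endpoint as the third argument to also compare the issuer.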
Configurable OIDC Parameters in settings.properties
| Property | Type | Description |
|---|---|---|
| | string | The URL for your OIDC provider. Note: Only the Keycloak OIDC provider is supported. Note: If you set |
| | enum | Set to have the OpenID provider communicate over HTTPS. Valid options are: Note: This option defaults to " |
| | string | Set the claim value from the ID token. This will be used as the principal for the identity. Defaults to |
| | string | The Client ID. This value will need to match the Client ID in your OIDC Provider. Defaults to |
| | boolean | Default to |