There is a direct correlation between the OIDC fields on the SSO Configuration screen and the OIDC install parameters.
The OIDC install parameters will be deprecated with system upgrades.
The SSO Configuration screen supports both Authorization Code and ROPC (Resource Owner Password Credentials) OIDC configuration. For Authorization Code OIDC configuration, all three fields (Issuer, Client ID, and JWKS URI) must be populated. For ROPC OIDC configuration, all three ROPC fields (ROPC Issuer, ROPC Client ID, and ROPC JWKS URI) plus the Client Password and Token End Point fields must be populated. Populating Scope is optional.

OIDC Configuration

| Field | Description | Install Parameter |
|---|---|---|
| Issuer | The OpenID Connect ID token issuer. | OIDCISS |
| Client ID | The OpenID Connect Client ID. | OIDCCLNT |
| JWKS URI | The OpenID Connect JWKS URI. | OIDCJWKS |
| Password Grant | If the user selects the Password Grant check box, the system will set the ROPC Issuer, ROPC Client ID, ROPC JWKS URI, Client Password, and Token Endpoint fields as required. | |
| ROPC Issuer | The OpenID Connect ID token issuer for ROPC. | |
| ROPC Client ID | The OpenID Connect Client ID for ROPC. | |
| ROPC JWKS URI | The OpenID Connect JWKS URI for ROPC. | |
| Client Password | The OpenID Connect client password. | OIDCCLPW |
| Scope | The OpenID Connect scope to be passed in the request sent to the token end point. | OIDCSCOP |
| Token End Point | The OpenID Connect token end point. | OIDCTKEP |
| Authentication Endpoint | n/a | |
| End Session Endpoint | n/a | |

OIDC Claims

| Field | Description | Install Parameter |
|---|---|---|
| Identity Claim | The name of the OpenID Connect ID token claim containing the unique identity information of the user. | OIDCIDNT |
| UPN Claim | The name of the OpenID Connect ID token claim containing the displayable user information (UPN/Identity2). | OIDCUPN |
| Role Claim | The name of the OpenID Connect ID token claim containing the role information. | OIDCROLE |
| Tenant Claim | The name of the OpenID Connect ID token claim whose value contains the tenant information. | OIDCTNT |
| Email Claim | The name of the OpenID Connect ID token claim containing the email address. | OIDCEML |
| User Description Claim | The name of the OpenID Connect ID token claim containing the user description. | OIDCUSDS |
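
What the Issuer, Client ID, and claim-name settings in the tables above mean when an ID token is consumed, shown as an added example of standard OIDC ID token checks (not the product's own code, whose processing this page does not describe). It assumes the token signature was already verified with a key from the JWKS URI; the sample values, the `map_id_token` function, and the local attribute names are hypothetical.

```python
import time

# Constructed sample settings, keyed by the install parameter names from the tables.
CONFIG = {
    "OIDCISS": "https://idp.example.com", "OIDCCLNT": "sample-client",
    "OIDCIDNT": "sub", "OIDCUPN": "preferred_username", "OIDCROLE": "roles",
    "OIDCTNT": "tenant", "OIDCEML": "email", "OIDCUSDS": "name",
}

# Claim-name settings mapped to hypothetical local attribute names.
CLAIM_SETTINGS = {
    "OIDCIDNT": "identity", "OIDCUPN": "upn", "OIDCROLE": "role",
    "OIDCTNT": "tenant", "OIDCEML": "email", "OIDCUSDS": "description",
}


def map_id_token(payload, config, now=None):
    """Check iss/aud/exp on an already signature-verified ID token payload,
    then pull user attributes out of the claims named in the configuration."""
    now = time.time() if now is None else now
    if payload.get("iss") != config["OIDCISS"]:
        raise ValueError("iss does not match configured Issuer")
    # aud may be a single string or a list of audiences; accept both forms.
    aud = payload.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if config["OIDCCLNT"] not in audiences:
        raise ValueError("configured Client ID not in aud")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or exp missing")
    user = {}
    for setting, attribute in CLAIM_SETTINGS.items():
        claim_name = config.get(setting)
        if claim_name and claim_name in payload:
            user[attribute] = payload[claim_name]
    # Without the identity claim there is no unique user to sign in.
    if not user.get("identity"):
        raise ValueError("identity claim missing from token")
    return user


# Constructed ID token payload (the decoded JSON body of the JWT).
SAMPLE_PAYLOAD = {
    "iss": "https://idp.example.com", "aud": ["sample-client", "other-api"],
    "exp": 2000000000, "sub": "u-1001", "preferred_username": "jdoe@example.com",
    "roles": ["auditor"], "tenant": "acme", "email": "jdoe@example.com",
}

if __name__ == "__main__":
    print(map_id_token(SAMPLE_PAYLOAD, CONFIG, now=1700000000))
```

A claim-name setting that points at a claim the identity provider does not emit (here `name`) simply yields no attribute, while a missing identity claim rejects the token.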