Using OpenID Connect with Custom Applications

To use OpenID Connect with ActiveMatrix BPM custom applications, an interceptor script (bpm-sso-interceptor.min.js) must be included in your application.

When an Identity Provider (IdP) responds to an OpenID Connect authentication request, the response is returned to the Redirect URI specified in the OpenID Connect shared resource. ActiveMatrix BPM then re-routes the response to the appropriate application using the interceptor script in the application. This allows for multiple applications to be using OpenID Connect with a single IdP at the same time.

New installations of Openspace, Workspace (including WCC applications), and Application Development-produced applications, version 4.3 and later, automatically include the interceptor script. However, if you are using any of those types of applications that are pre-version 4.3, and you want to use OpenID Connect authentication, you must include the interceptor script.

All other ActiveMatrix BPM custom applications, including those created with the ActiveMatrix BPM REST Public API, must include the interceptor script. (There is an exception with the bundled applications that use the bpm-login business component; for more information, see Introduction to Single Sign-On Authentication.)

To include the script in your application, include the following script tag in the application's launch file:

<script type="text/javascript" language="javascript" src="../openspace/sso/bpm-sso-interceptor.min.js"></script>