OIDC Authentication Realm

Overview

The OpenID Connect (OIDC) authentication realm allows authentication with an OIDC provider. OIDC is an identity layer on top of the OAuth 2.0 protocol: it lets clients verify an end user's identity based on the authentication performed by an authorization server, which enables single sign-on. The following identity providers are supported:

  • Google Identity Platform

  • Auth0

  • Microsoft Azure Active Directory

An OIDC realm configuration is specified in an OIDCAuthenticationRealm root object in the security configuration type.

OIDC is only supported over the HTTP protocol; clients connecting over other protocols cannot authenticate with it. The StreamBase OIDC implementation only supports authentication, not authorization. Each OIDC realm configuration must therefore specify a fallback realm, which is used for all authorization and for authentication of clients that are not using HTTP. That fallback realm must already exist when the OIDC realm is activated; otherwise activation fails.

Required Properties

OIDC requires at least one identity provider configuration. For each identity provider:

documentDiscoveryUrl

A URL used to retrieve information about the identity provider.

clientId

The OIDC client's authentication ID.

clientSecret

The OIDC client's authentication secret key, optionally encrypted with epadmin encrypt secret.

identityAttributeName

The attribute in an authenticated user's JSON web token (JWT) that identifies a user name that can be mapped to a set of roles in the fallback realm for authorization purposes.
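The following is an added illustration, not StreamBase code, of what these properties are used for at authentication time: the issuer from the discovery document, the clientId as the expected audience, and the claim named by identityAttributeName as the user name looked up in the fallback realm for roles. The discovery document, the fallback realm map and the HS256 signing key are constructed for the demo; a real provider signs ID tokens with RSA keys published at the discovery document's jwks_uri.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-ins for the realm's configuration (not StreamBase's real objects).
DISCOVERY_DOC = {"issuer": "https://idp.example"}             # what documentDiscoveryUrl returns, trimmed
CLIENT_ID = "streambase-client"                                # clientId
IDENTITY_ATTRIBUTE_NAME = "preferred_username"                 # identityAttributeName
FALLBACK_REALM = {"alice": ["admin"], "bob": ["read-only"]}   # constructed user -> roles map
# Assumption: HS256 with a shared key so the example runs offline; real providers use RS256.
SIGNING_KEY = b"constructed-demo-key"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict) -> str:
    """Build a constructed HS256 ID token carrying the given claims (demo only)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def authenticate(token: str, now=None):
    """Verify the ID token, then map its identity claim to fallback-realm roles."""
    now = time.time() if now is None else now
    header, payload, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != DISCOVERY_DOC["issuer"]:            # token must come from the configured provider
        raise PermissionError("issuer mismatch")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):  # token must be issued for this clientId
        raise PermissionError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    user = claims.get(IDENTITY_ATTRIBUTE_NAME)                  # the identityAttributeName claim
    if user not in FALLBACK_REALM:                              # authorization comes from the fallback realm
        raise PermissionError(f"no roles for {user!r} in fallback realm")
    return user, FALLBACK_REALM[user]
```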