Configuring OpenID Connect
You can configure a default OpenID Connect web authentication provider using the configuration tool.
About this task
Before you begin
- You have configured a public address URL. To do this, go to the Public Address page in the Spotfire Server configuration tool and enable the public address URL http[s]://<spotfire server>[:<port>]/.
- You have registered a
client at the OpenID provider with a return endpoint URL, and received a client
ID and a client secret from the provider.
Note: If the OpenID provider that you want to use supports OpenID Connect Dynamic Registration, you can register the client using the command-line command
register-oidc-client
. To use this option, perform the rest of the configuration first, because the metadata sent in the registration request depends on the configuration. See register-oidc-client for more information.- The registered client must support the Authorization Code Grant.
- The registered client
must have permission to request the scopes that the server is configured to
request. By default, these scopes are
openid
,profile
, andemail
, but the latter two can be removed and other scopes can be added.
For the default OpenID Connect web authentication providers, use the
URL (starting with the configured public address URL):
http[s]://<spotfire server>[:<port>]/spotfire/auth/oidc/authenticate
Note: When using web
authentication, it is recommended to use HTTPS.
Note: It is recommended to
use the
Auto-create option for the post-authentication
filter.
Procedure
Parent topic: Web authentication
Related tasks
Related reference