Configuring OpenID Connect

These instructions are for configuring a default OpenID Connect web authentication provider using the configuration tool.

Prerequisites

  • You have configured a public address URL. To do this, go to the Public Address page in the Spotfire Server configuration tool and enable the public address URL http[s]://<spotfire server>[:<port>]/.
  • You have registered a client at the provider with a return endpoint URL, and received a client ID and a client secret from the provider.
    • The registered client must support the Authorization Code Grant.
    • The registered client must have permission to request the scopes that the server is configured to request. By default, these scopes are "openid", "profile", and "email", but the latter two can be removed and other scopes can be added.
For the default OpenID Connect web authentication providers, use the following return endpoint URL (starting with the configured public address URL):
http[s]://<spotfire server>[:<port>]/spotfire/auth/oidc/authenticate
Note: When using web authentication, it is recommended to use HTTPS.
Note: It is recommended to use the Auto-create option for the post-authentication filter.

Procedure

  1. Open the Spotfire Server configuration tool. For information on launching the configuration tool, see Opening the configuration tool.
  2. In the configuration tool, select the Configuration tab.
  3. On the Configuration Start page, select the authentication method Web authentication.
    Note: If you want to combine web authentication with username and password authentication, for example for backward compatibility with older Spotfire clients, select the BASIC authentication method instead. The launched web browser then offers both a username and password alternative and the alternative to use an external web authentication provider.
  4. On the OpenID Connect page, select Yes to enable OpenID Connect authentication.
  5. To add and configure a new provider, click Add new provider.
  6. For each added provider, select Yes to enable the provider, and specify the Provider name (which is displayed to users when they select a provider).
  7. For each provider, specify the Discovery document URL, the Client ID and the Client secret, as received when registering a client at the provider.
  8. Save the configuration and restart the Spotfire Server.
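
A pre-flight check for the prerequisites and for the values entered in step 7, as an added example that is not part of the Spotfire documentation or product: it builds the return endpoint URL to register at the provider and checks a provider discovery document for Authorization Code Grant support, HTTPS endpoints, and the default scopes. The host names and the sample document are constructed, and the function names are hypothetical; the field names are those defined by OpenID Connect Discovery 1.0.

```python
from urllib.parse import urlsplit

# Path of the return endpoint, as given on this page.
RETURN_PATH = "/spotfire/auth/oidc/authenticate"
# Default scopes requested by the server, as given on this page.
DEFAULT_SCOPES = ("openid", "profile", "email")

def return_endpoint(public_address):
    """Build the return endpoint URL to register at the provider."""
    return public_address.rstrip("/") + RETURN_PATH

def check_discovery(doc, scopes=DEFAULT_SCOPES):
    """Return a list of problems found in a provider discovery document."""
    problems = []
    # Endpoints used by the Authorization Code Grant must be present and HTTPS.
    for field in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(field)
        if not value:
            problems.append(f"missing {field}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{field} is not HTTPS")
    # Authorization Code Grant needs response type "code". When the provider
    # omits grant_types_supported, the default is authorization_code + implicit.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not supported")
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("grant type 'authorization_code' not supported")
    # scopes_supported is optional; only check it when the provider lists it.
    advertised = doc.get("scopes_supported")
    if advertised is not None:
        for scope in scopes:
            if scope not in advertised:
                problems.append(f"scope '{scope}' not advertised")
    return problems

# Constructed sample discovery document (not from a real provider).
SAMPLE = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "http://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile"],
}

if __name__ == "__main__":
    print(return_endpoint("https://spotfire.example.com:8443/"))
    print(check_discovery(SAMPLE))
```

An empty list means the document passed these checks; the provider's own client registration still decides which scopes the client is permitted to request.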