OIDC Authentication Realm

Overview

The OpenID Connect (OIDC) authentication realm allows authentication with an OIDC provider. OIDC is an identity layer on top of the OAuth 2.0 protocol, which allows single sign-on for clients to verify your identity based on the authentication performed by an authorization server. The following identity providers are supported:

  • Auth0

  • Google Identity Platform

  • Microsoft Azure Active Directory

An OIDC realm configuration is specified in an OIDCAuthenticationRealm root object in the security configuration type.

OIDC is only supported via the HTTP protocol; non-HTTP communication is not supported. The StreamBase OIDC implementation only supports authentication, and not authorization. Each OIDC realm configuration must specify a fallback realm that is used for all authorization and for authentication from clients that are not using HTTP. That fallback realm must exist when the OIDC realm is activated or activation fails.

Required Properties

OIDC requires at least one identity provider configuration. For each identity provider:

documentDiscoveryUrl

A URL used to retrieve information about the identity provider.

clientId

The OIDC client's authentication ID.

clientSecret

The OIDC client's authentication secret key, optionally encrypted with epadmin encrypt secret.

identityAttributeName

The attribute in an authenticated user's JSON web token (JWT) that identifies a user name that can be mapped to a set of roles in the fallback realm for authorization purposes.