Wiki source code of OpenID Connect


{{content/}}

When adding an //OpenID Connect// identity provider, the following parameters are requested:

== Base settings ==

{{figure image="openid_base_settings_en.png" clear="h1"}}
Basic settings for the configuration of the OpenID Connect identity provider.
{{/figure}}

=== Name ===

Name of the identity provider in {{formcycle/}}.

=== Different name on form login button ===

If a form has been configured to offer several authentication options, a dialog in which an authentication type has to be selected is displayed when the form is opened. The label shown on the button for this identity provider can be configured here.

If nothing is entered here, the name entered under //Name// is used.

=== Alias for callback URL (UUID) ===

Unique identifier that is used when the identity provider returns to {{formcycle/}}. This value is generated automatically, but can be changed if necessary.

=== Callback URL ===

URLs for each {{formcycle/}} server (master server as well as frontend servers) which can be used when returning from the identity provider to {{formcycle/}}. Each URL can be copied to the clipboard by clicking the copy icon to the right of the URL.

== Initially visible buttons ==

Below the base settings there are initially 3 buttons whose functions are intended to help with the configuration of the identity provider.

=== Send email to provider ===

Opens the e-mail program set up in the system with a pre-formulated request regarding the information required for the configuration of the identity provider in {{formcycle/}}.

=== Help ===

Opens this help page in the browser.

=== Add configuration ===

If the required information has been provided by the identity provider, the area for the configuration of the identity provider can be opened by clicking on this button. Afterwards the area //configuration// which is described below opens.

== Configuration ==

{{figure image="openid_configuration_en.png" clear="h1"}}
Configuration options for an OpenID Connect identity provider.
{{/figure}}

=== Client ID ===

Unique ID of the configuration that is provided by the identity provider.

=== Client secret ===

Secret key which is used to authenticate your client.

=== Discovery URI ===

URI which is used to determine the properties of the identity provider. It has to be provided by the identity provider.

=== Scope ===

Specifies the permissions that are used by {{formcycle/}} when querying fields from the identity provider.

=== Authentication method ===

Method by which {{formcycle/}} authenticates itself to the identity provider.

=== Response type ===

Type of response from the identity provider after {{formcycle/}} logon.

== Extended settings ==

{{figure image="openid_extended_settings_en.png" clear="h1"}}
Advanced settings for configuring an OpenID Connect identity provider.
{{/figure}}

By clicking on //Extended settings// additional parameters for the connection with the identity provider can be configured.

=== Response mode ===

Method by which the identity provider sends the logon response to {{formcycle/}}.
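
The values entered for //Discovery URI//, //Scope//, //Authentication method//, //Response type// and //Response mode// can be compared with the metadata the provider publishes at its discovery URI. The following Python code is an added example, not part of {{formcycle/}}: the setting keys, host names and the sample document are constructed, while the metadata field names and defaults are those of OpenID Connect Discovery.

```python
import json

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed discovery document, shaped like the JSON served at a Discovery URI.
SAMPLE_DOC = json.loads("""{
  "issuer": "https://idp.example.test/realms/forms",
  "scopes_supported": ["openid", "profile", "email"],
  "response_types_supported": ["code", "id_token"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")

# Defaults that OpenID Connect Discovery defines for omitted optional metadata.
SPEC_DEFAULTS = {
    "response_modes_supported": ["query", "fragment"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
}

def check_settings(discovery_uri, doc, settings):
    """Return a list of mismatches between client settings and provider metadata."""
    problems = []
    if not discovery_uri.startswith("https://"):
        problems.append("discovery URI does not use https")
    # The advertised issuer must be the exact prefix of the well-known URL.
    if discovery_uri.endswith(WELL_KNOWN):
        if doc.get("issuer") != discovery_uri[: -len(WELL_KNOWN)]:
            problems.append("issuer does not match discovery URI")
    scopes = settings["scope"].split()  # hypothetical key: space-separated scopes
    if "openid" not in scopes:
        problems.append("scope lacks 'openid'")
    advertised = doc.get("scopes_supported")
    if advertised is not None:
        for s in scopes:
            if s not in advertised:
                problems.append(f"scope not advertised: {s}")
    pairs = [
        ("response_type", "response_types_supported"),
        ("response_mode", "response_modes_supported"),
        ("auth_method", "token_endpoint_auth_methods_supported"),
    ]
    for key, meta in pairs:
        supported = doc.get(meta, SPEC_DEFAULTS.get(meta, []))
        if settings[key] not in supported:
            problems.append(f"{key} '{settings[key]}' not in {meta}")
    return problems
```

An empty result means every configured value is advertised by the provider; a mismatch on the issuer line is worth investigating before any login is attempted.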

=== Max. authentication lifetime (seconds) ===

Maximum duration of an existing login to the identity provider. The default value is {{code language="none"}}-1{{/code}}, which means no limit.

=== Connection Timeout (seconds) ===

Maximum duration for a connection setup to the identity provider before it is terminated. The default value is {{code language="none"}}500{{/code}} seconds.

=== Max. clock skew (seconds) ===

Maximum allowed difference in system clock times between the {{fcserver/}} and the identity provider. The default value is {{code language="none"}}30{{/code}} seconds.

=== Expire session with token ===

Setting that specifies whether a {{formcycle/}} logon should also expire when the identity provider logon expires. This option is disabled by default.

=== Token expiration advance (seconds) ===

Period of time by which a {{formcycle/}} logon should expire before the identity provider token expires. The default value is {{code language="none"}}0{{/code}} seconds.
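
How the time-related settings above conventionally act on the exp, iat and auth_time claims of an ID token, as an added Python example that is not {{formcycle/}}'s own code. Treating //Max. authentication lifetime// as a limit on the age of auth_time is an assumption; the class, function names and sample claims are constructed.

```python
from dataclasses import dataclass

@dataclass
class TimeSettings:
    # Defaults as stated on this page; field names are hypothetical.
    max_auth_lifetime: int = -1   # -1 = no limit
    max_clock_skew: int = 30
    expire_with_token: bool = False
    expiration_advance: int = 0

# Constructed ID token time claims (epoch seconds): login one hour before
# issuance, token valid for five minutes.
SAMPLE_CLAIMS = {"iat": 1_700_000_000, "auth_time": 1_699_996_400,
                 "exp": 1_700_000_300}

def check_id_token_times(claims, now, cfg):
    """Return the reasons to reject the time claims; an empty list means accepted."""
    skew = cfg.max_clock_skew
    errors = []
    # The skew widens every comparison in the token's favour.
    if now - skew >= claims["exp"]:
        errors.append("expired")
    if claims["iat"] > now + skew:
        errors.append("issued in the future")
    if cfg.max_auth_lifetime >= 0:
        auth_time = claims.get("auth_time")
        if auth_time is None:
            errors.append("auth_time missing")
        elif now - skew > auth_time + cfg.max_auth_lifetime:
            errors.append("login older than max. authentication lifetime")
    return errors

def local_session_deadline(claims, cfg):
    """Epoch second at which the local logon ends, or None if not tied to the token."""
    if not cfg.expire_with_token:
        return None
    return claims["exp"] - cfg.expiration_advance
```

A larger clock skew accepts tokens for longer after their nominal expiry, so it is best kept as small as the clock synchronization between both systems allows.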

=== Further parameters ===

In addition to the ones listed above, other parameters can be defined in this table. A //property// and a corresponding //value// must be entered in each line.