The generic OIDC Identity Provider allows you to connect to any OIDC-compliant Identity Provider. To create a generic OIDC Identity Provider, you can access the Identity provider list on the Safewhere Admin portal and choose the Enterprise category.
Choose Generic OIDC provider
Configuration
After saving the new connection, access its Connection tab and update its settings.
- Client ID (App ID): The client ID that is provided by the Identity Provider that you want to connect to.
- Client secret: The client secret that is provided by the Identity Provider that you want to connect to. Treat it as a credential: anyone who holds it can act as your client towards that provider, so store it only in Identify and rotate it at the provider if it is ever exposed.
You can either enter all endpoints manually or paste the provider's /.well-known/openid-configuration metadata URL into the Fetch all endpoints from URL setting and click the icon on the right to have all endpoints filled in automatically from the discovery document. Use an https metadata URL and confirm that the issuer in the fetched document is the provider you intend to trust: the endpoints taken from it determine where Identify sends users and which signing keys it accepts.
You can also open the Permission tab to customize the required permissions as well as any additional permissions. The default value of the Required permissions setting is openid, the scope that every OIDC authentication request must include.
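What the Fetch all endpoints from URL step does, and which sanity checks are worth applying to a discovery document before its endpoints and the openid scope are trusted, as an added example that is not part of the original page or of the Identify product code. It parses a constructed sample document (the host idp.example.com and its endpoints are hypothetical), rejects a document whose issuer does not match the metadata URL, whose endpoints are not https, or which does not offer the openid scope, and returns the endpoints the connection would store:

```python
import json
from typing import Optional
from urllib.parse import urlsplit

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"

# Fields the connection needs. jwks_uri is required because ID token signatures are
# validated against the keys the provider publishes there.
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
OPTIONAL_FIELDS = ("userinfo_endpoint", "end_session_endpoint")

# Constructed sample discovery document; the host is hypothetical, not a real provider.
SAMPLE_ISSUER = "https://idp.example.com/runtime/oauth2"
SAMPLE_METADATA_URL = SAMPLE_ISSUER + DISCOVERY_SUFFIX
SAMPLE_DOC = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/token",
    "userinfo_endpoint": SAMPLE_ISSUER + "/userinfo",
    "jwks_uri": SAMPLE_ISSUER + "/jwks",
    "scopes_supported": ["openid", "profile", "email"],
    "response_types_supported": ["code", "id_token", "code id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
SAMPLE_DOCUMENT = json.dumps(SAMPLE_DOC)


class DiscoveryError(ValueError):
    """Raised when a discovery document must not be used to configure the connection."""


def parse_discovery(metadata_url: str, body: str) -> dict:
    """Parse an openid-configuration document and return the endpoints to store.

    Checks performed before any endpoint is accepted:
      * all required fields are present;
      * the issuer equals the metadata URL minus the well-known suffix
        (OpenID Connect Discovery 1.0, section 4.3), so a document fetched from
        one host cannot silently point the connection at another issuer;
      * every endpoint is an absolute https URL;
      * the openid scope is offered, and RS256 is offered for ID token signing.
    """
    if not metadata_url.endswith(DISCOVERY_SUFFIX):
        raise DiscoveryError("metadata URL must end with " + DISCOVERY_SUFFIX)
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise DiscoveryError(f"discovery document is not valid JSON: {exc}") from None
    missing = [f for f in REQUIRED_FIELDS if f not in doc]
    if missing:
        raise DiscoveryError(f"discovery document is missing {missing}")

    expected_issuer = metadata_url[: -len(DISCOVERY_SUFFIX)]
    if doc["issuer"] != expected_issuer:
        raise DiscoveryError(
            f"issuer {doc['issuer']!r} does not match metadata URL issuer {expected_issuer!r}"
        )

    scopes = doc.get("scopes_supported")
    if scopes is not None and "openid" not in scopes:
        raise DiscoveryError("provider does not offer the mandatory openid scope")
    algs = doc.get("id_token_signing_alg_values_supported")
    if algs is not None and "RS256" not in algs:
        raise DiscoveryError("provider does not offer RS256 for ID token signing")

    result = {"issuer": doc["issuer"]}
    for field in REQUIRED_FIELDS[1:] + OPTIONAL_FIELDS:
        url = doc.get(field)
        if url is None:
            continue  # optional endpoint not published by this provider
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.netloc:
            raise DiscoveryError(f"{field} must be an absolute https URL, got {url!r}")
        result[field] = url
    return result


def rejected(metadata_url: str, body: str) -> Optional[str]:
    """Return the rejection reason for a document, or None if it is accepted."""
    try:
        parse_discovery(metadata_url, body)
    except DiscoveryError as exc:
        return str(exc)
    return None


def sample_with(**changes) -> str:
    """Copy of the constructed sample with fields replaced (value None removes the field)."""
    doc = dict(SAMPLE_DOC)
    for key, value in changes.items():
        if value is None:
            doc.pop(key, None)
        else:
            doc[key] = value
    return json.dumps(doc)


if __name__ == "__main__":
    print(json.dumps(parse_discovery(SAMPLE_METADATA_URL, SAMPLE_DOCUMENT), indent=2))
    print(rejected(SAMPLE_METADATA_URL, sample_with(issuer="https://attacker.example.net")))
```

The issuer comparison is the check that matters most: the authorization and token endpoints are taken from the document verbatim, so a document whose issuer differs from the URL it was fetched from should never be accepted into the connection settings.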
Known issues
If your Identify instance connects to an OIDC Identity Provider that is itself another Identify instance running version 5.8 or below, that instance's OIDC metadata endpoint https://#identify_instance_domain#/runtime/oauth2/.well-known/openid-configuration cannot be fetched from the client side (the browser running the Admin portal), because the response does not carry a CORS header permitting the cross-origin request.
A workaround for this issue is to add the configuration block below to the Runtime's web.config of the Identify instance to which you need to connect:
```xml
<location path="oauth2/.well-known/openid-configuration">
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</location>
```

The discovery document contains only public metadata, so a wildcard origin is acceptable for it; keep the location path scoped to the metadata document rather than adding the header for the whole oauth2 path. After the change, a cross-origin request for the metadata URL from the Admin portal should succeed, and the Access-Control-Allow-Origin header should be visible on the response in the browser's developer tools.