How to verify OpenID Connect support on Identify

Introduction


Identify supports the OpenID Connect.

For the Identify whose version is  less than the version 5.1.1:


To verify this, we can use the sample OIDCClient to demonstrate that Identify does support SLO/SSO for OpenId Connect

How to setup OIDCClient


1. Open the IIS and setup this sample as the application for the site on IIS

iis_application

2. At its source folder, we open the oidc.config then update the URIs  on the file by your tenant URI and the signingCertificate value by your tenant signing like below:

oidcconfig

Note: we need to set the issuerName's value by your Entity ID at the Identify system setup.

3. Go to the connection list on Admin, we add the new Oauth 2.0 protocol connection where we will setup like below:

oauth2setting
oauth2setting2
+ Scope: we will add the scope "info" as the key "scope" 's value at the above oidc.config
+ Client ID: we will add the value on the key "clientId" at the above oidc.config
+ Client secret: we will add the value on the key "clientSecret" at the above oidc.config
+ Redirect URL: we will add the value following the URI of the OIDCClient, e.g in this sample: https://samples.safewhere.local/OIDCClient/oidccallback
+ Application name: input the name for the OIDCClient
+ Set the audience field of tokens which are issued for the application: we will input the userInfo endpoint of the OpenIDConnect: https://#Identifydomain/runtime/openidconnect/userinfo.idp
+ Allow implicit flow: we set it False
+ Allow code flow: we set it True
+ Use as OpenID Connect: we set it True
+ JWS alorithm: we choose "RSASigning"
+ Symmetric signing key: we click the below button "Open auto-generated HMAC" to generate its value
+ OpenID Connect logout redirect URL: we will add the value following the URI of the OIDCClient, e.g in this sample: https://samples.safewhere.local/OIDCClient/home/RPIFrame
Here is the demo for OIDCClient login when it's setup successfully: http://screencast.com/t/CPQmUfc4Fk