
OIDC

Single Sign-On (SSO) with OpenID Connect (OIDC) relies on an identity layer built on top of the OAuth 2.0 authorization framework. OIDC lets users log in to multiple applications and websites with a single set of credentials held by an identity provider; the application never handles the password itself but receives a signed ID token from the provider that asserts who the authenticated user is.

The OIDC authentication protocol is supported by identity providers such as Microsoft Azure AD, Amazon Cognito Service, and OKTA. Switch to the Admin Portal and follow the instructions below to configure the OIDC authentication protocol in Wyn Enterprise:

  1. Navigate to Configuration >> System Configurations >> SSO Settings and select the OIDC option from the Authentication Protocol dropdown.


  2. Add the OIDC settings that appear in the SSO Settings tab. The OIDC authentication settings are listed and described below.

Setting

Description

Values

Authentication Protocol

Authentication Protocol parameter is used to specify the protocol used to authenticate users for SSO.

None, CAS, OIDC, OAUTH

Scheme

The Scheme parameter is the name under which the authentication provider is registered in Wyn Enterprise.

CAS, MicrosoftAzureAD, AWSCognito, MyTestingIdentityProvider, etc.

Disabled

The Disabled parameter turns the SSO function off while keeping its settings in place.

True or False. The Default value is False.

Allow Incognizant User

The Allow Incognizant User parameter allows users who do not exist in the Wyn Enterprise application to log in. When it is True, any account the identity provider authenticates can enter Wyn Enterprise even though it was never created there, so access control for those users rests entirely on which users the provider assigns to the Wyn Enterprise application.

True or False

Enable SLO

Enable SLO turns the single logout feature on or off: when it is True, logging out of the Wyn Enterprise application also ends the user's session at the identity provider. By default, this value is set to True.

True or False

Authority

The Authority parameter is the issuer URL of the authentication service provider. Wyn Enterprise resolves the provider's endpoints relative to it, and the iss claim of every token the provider issues must match it exactly.

Issuer (domain) URL of your authentication service provider.

Metadata Address

The Metadata Address is the URL of the provider's OIDC discovery document, from which Wyn Enterprise reads the provider's endpoints and token-signing keys.

https://{yourDomain}/.well-known/openid-configuration

Client Id

The Client Id parameter is the public identifier the identity provider assigned to the Wyn Enterprise application when the application was registered. It identifies the application, not the user, in the OAuth flows.

For Amazon Cognito, the value is available in your user pool. For OKTA, the value is available in your OKTA app settings.

Client Secret

The Client Secret is the secret the Wyn Enterprise application presents to the provider's token endpoint when it exchanges an authorization code for tokens. Keep it confidential: anyone holding it can impersonate the application to the provider.

For Amazon Cognito, the value is available in your user pool. For OKTA, the value is available in your OKTA app settings.

Callback Path

The Callback Path is the path, relative to the Wyn Enterprise base URL, to which the identity provider redirects the browser with its response after the user authenticates. The full redirect URI (base URL plus this path) must match the redirect URI registered with the provider exactly, or the provider rejects the request. The Callback Path is used in the SSO configuration settings with Amazon Cognito Service.

Path component of the Redirect URI specified in the AWS app settings; the default value is /signin-oidc.

Scopes

The Scopes parameter lists the OIDC scopes Wyn Enterprise requests from the identity provider; they determine which user claims the provider releases. The openid scope is required for an OIDC request.

For OKTA: openid, profile, and email. For AWS: openid, profile, email, and phone.

Response Type

The Response Type tells the provider's authorization endpoint what to return after successful authentication: an authorization code (code), an access token (token), an ID token (id_token), or a combination. The code response type is the recommended choice, because the tokens are then obtained in a back-channel request to the token endpoint instead of passing through the browser.

code, token, id_token

Response Mode

The Response Mode determines how the authorization server returns the response parameters from the authorization endpoint: in the body of a POST to the callback (form_post), in the URL fragment (fragment), or in the query string (query).

form_post, fragment, query

Get User Claims

Get User Claims controls whether Wyn Enterprise retrieves the user's claims from the provider after sign-in. By default, this property is set to True.

True or False

Save Tokens

Save Tokens controls whether the tokens returned by the provider are stored with the user's session in Wyn Enterprise. By default, this property is set to True.

True or False

Use Pkce

Use Pkce enables Proof Key for Code Exchange (PKCE), an extension to the authorization code flow that binds the authorization code to the client that requested it, so an intercepted code cannot be redeemed by anyone else. PKCE was designed for public clients, which cannot keep a client secret, but it is worth enabling for any client whose provider supports it.

True or False

Claim Mappings

Claims carry the authenticated user's information, such as name, phone number, email, and roles. A claim mapping item consists of a Key and a Value: the Key is the user attribute in Wyn Enterprise, and the Value is the name of the claim from the authentication provider that fills it. Click the + Add Claim button to add a claim mapping and set its Key and Value fields.

id, profile, status, transitioningtostatus, created, activated, statuschanged, lastlogin, lastupdated, passwordchanged, type, realm, realmid, password, credentials, _links, _embedded, class, classloader, custom_name
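The settings above only work together when they agree with what the identity provider advertises in its discovery document. The following added example (not Wyn Enterprise code, and not from any of the providers named on this page) runs that pre-flight check offline against a constructed discovery document, then builds the authorization request a relying party sends with these settings, including the S256 PKCE challenge that Use Pkce turns on. The domain, client id and Wyn base URL are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed settings mirroring the SSO Settings table. The domain, client id
# and base URL are placeholders, not values from any real deployment.
SETTINGS = {
    "Authority": "https://login.example.com",
    "MetadataAddress": "https://login.example.com/.well-known/openid-configuration",
    "ClientId": "wyn-portal",
    "CallbackPath": "/signin-oidc",
    "Scopes": ["openid", "profile", "email"],
    "ResponseType": "code",
    "ResponseMode": "form_post",
    "UsePkce": True,
    "EnableSLO": True,
}

# Constructed discovery document, shaped like what a GET of MetadataAddress returns.
DISCOVERY = {
    "issuer": "https://login.example.com",
    "authorization_endpoint": "https://login.example.com/oauth2/v1/authorize",
    "token_endpoint": "https://login.example.com/oauth2/v1/token",
    "end_session_endpoint": "https://login.example.com/oauth2/v1/logout",
    "scopes_supported": ["openid", "profile", "email", "phone"],
    "response_types_supported": ["code", "id_token", "code id_token"],
    "response_modes_supported": ["query", "fragment", "form_post"],
    "code_challenge_methods_supported": ["S256"],
}


def preflight(settings, discovery):
    """Return the inconsistencies between the settings and the provider's discovery document."""
    findings = []
    authority = settings["Authority"].rstrip("/")
    # The provider writes its issuer into every token's iss claim; Authority must equal it exactly.
    if discovery["issuer"].rstrip("/") != authority:
        findings.append(f"Authority {authority} does not match issuer {discovery['issuer']}")
    if settings["MetadataAddress"] != authority + "/.well-known/openid-configuration":
        findings.append("Metadata Address is not the discovery document under Authority")
    if "openid" not in settings["Scopes"]:
        findings.append("Scopes must include openid; without it the request is plain OAuth, not OIDC")
    for scope in settings["Scopes"]:
        if scope not in discovery.get("scopes_supported", []):
            findings.append(f"scope {scope} is not advertised by the provider")
    if settings["ResponseType"] not in discovery["response_types_supported"]:
        findings.append(f"Response Type {settings['ResponseType']} is not supported by the provider")
    # query and fragment are always available; form_post must be advertised by the provider.
    if settings["ResponseMode"] not in discovery.get("response_modes_supported", ["query", "fragment"]):
        findings.append(f"Response Mode {settings['ResponseMode']} is not supported by the provider")
    if settings["ResponseType"] != "code" and settings["ResponseMode"] == "query":
        findings.append("tokens must not be returned in the query string; use fragment or form_post")
    if settings["UsePkce"] and "S256" not in discovery.get("code_challenge_methods_supported", []):
        findings.append("Use Pkce is True but the provider does not advertise S256")
    if settings["EnableSLO"] and "end_session_endpoint" not in discovery:
        findings.append("Enable SLO is True but the provider publishes no end_session_endpoint")
    return findings


def pkce_challenge(code_verifier):
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier))) without padding (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_code_verifier():
    """43-character high-entropy verifier, kept server-side until the code is redeemed."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def authorization_request(settings, discovery, wyn_base_url, state, nonce, code_verifier=None):
    """Build the URL the relying party redirects the browser to in order to start the login."""
    params = {
        "client_id": settings["ClientId"],
        "redirect_uri": wyn_base_url.rstrip("/") + settings["CallbackPath"],
        "response_type": settings["ResponseType"],
        "response_mode": settings["ResponseMode"],
        "scope": " ".join(settings["Scopes"]),
        "state": state,  # bound to the browser session and checked on return to stop CSRF
        "nonce": nonce,  # echoed in the ID token and checked to stop token replay
    }
    if settings["UsePkce"]:
        # Only the challenge leaves the server; the verifier is sent later to the token endpoint.
        params["code_challenge"] = pkce_challenge(code_verifier)
        params["code_challenge_method"] = "S256"
    return discovery["authorization_endpoint"] + "?" + urlencode(params)


if __name__ == "__main__":
    print("pre-flight:", preflight(SETTINGS, DISCOVERY) or "ok")
    verifier = new_code_verifier()
    print(authorization_request(SETTINGS, DISCOVERY, "https://wyn.example.com",
                                secrets.token_urlsafe(16), secrets.token_urlsafe(16), verifier))
```

In a real deployment the discovery document is fetched over HTTPS from the Metadata Address; the checks are the same. The pre-flight catches the usual misconfigurations (an Authority that is not the issuer, a scope or response mode the provider does not offer, PKCE enabled against a provider without S256) before users see a failed login.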

You can also configure the OIDC Single Sign-on settings for Microsoft Azure AD, Amazon Cognito Service, and OKTA manually in the Wyn.conf file located in the Wyn system folder. See the Microsoft Azure AD, Amazon Cognito Service, and OKTA help articles for more information on the manual configuration of the OIDC Authentication Protocol for SSO in Wyn Enterprise.
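Returning to the Claim Mappings entry in the table above: the ID token's claims are only safe to map onto a Wyn Enterprise user after the token itself has been tied to the Authority, the Client Id and the login attempt that requested it. The following added example (not Wyn Enterprise code) performs those checks on a constructed ID token payload and then applies a constructed mapping whose Keys are taken from the Values column of the Claim Mappings entry. It assumes a JWT library has already verified the token signature against the provider's published keys; the Authority, Client Id, nonce and claim values are placeholders.

```python
# Placeholder Authority and Client Id, matching no real deployment.
AUTHORITY = "https://login.example.com"
CLIENT_ID = "wyn-portal"

# Constructed Claim Mappings: Key is the Wyn Enterprise user attribute, Value is the
# provider claim that fills it.
CLAIM_MAPPINGS = {
    "id": "sub",
    "profile": "name",
    "custom_name": "preferred_username",
}

# Constructed ID token payload, as a JWT library hands it over after verifying the signature.
ID_TOKEN_CLAIMS = {
    "iss": "https://login.example.com",
    "sub": "user-12345",
    "aud": "wyn-portal",
    "exp": 1_700_000_300,
    "iat": 1_700_000_000,
    "nonce": "n-0S6_WzA2Mj",
    "name": "Ada Lovelace",
    "preferred_username": "ada@example.com",
}


def validate_id_token_claims(claims, authority, client_id, expected_nonce, now):
    """Return the checks the ID token fails; an empty list means the token is acceptable."""
    errors = []
    # iss must equal the configured Authority, otherwise a token from any issuer would be accepted.
    if str(claims.get("iss", "")).rstrip("/") != authority.rstrip("/"):
        errors.append("iss does not match Authority")
    # aud must name this client; with several audiences, azp must be this client as well.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        errors.append("aud does not include Client Id")
    elif len(audiences) > 1 and claims.get("azp") != client_id:
        errors.append("multiple audiences but azp is not Client Id")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        errors.append("token is expired or has no exp")
    # nonce ties the token to the login attempt that requested it; a mismatch means replay.
    if claims.get("nonce") != expected_nonce:
        errors.append("nonce mismatch: token was not issued for this login attempt")
    return errors


def apply_claim_mappings(claims, mappings):
    """Map provider claims onto Wyn user attributes; return (user, list of unfilled keys)."""
    user = {}
    missing = []
    for wyn_key, provider_claim in mappings.items():
        if provider_claim in claims:
            user[wyn_key] = claims[provider_claim]
        else:
            missing.append(wyn_key)
    return user, missing


def sign_in(claims, mappings, authority, client_id, expected_nonce, now):
    """Reject the token on any failed check; otherwise return the mapped Wyn user."""
    errors = validate_id_token_claims(claims, authority, client_id, expected_nonce, now)
    if errors:
        raise PermissionError("; ".join(errors))
    user, missing = apply_claim_mappings(claims, mappings)
    if "id" in missing:
        # Without a stable identifier the provider's user cannot be matched to a Wyn user.
        raise PermissionError("provider did not return the claim mapped to id")
    return user


if __name__ == "__main__":
    print(sign_in(ID_TOKEN_CLAIMS, CLAIM_MAPPINGS, AUTHORITY, CLIENT_ID,
                  "n-0S6_WzA2Mj", now=1_700_000_100))
```

The order matters: mapping claims before the iss, aud, exp and nonce checks would let a token minted for another application, or replayed from an earlier login, populate a Wyn user. Mapping id to sub rather than to a mutable claim such as email keeps the Wyn account attached to the same provider identity even when the user's display attributes change.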