You can configure DTP (including User Administration) to accept authentication from an OpenID Connect (OIDC) identity provider, which lets you manage user authentication outside of Parasoft. Support for OpenID Connect is disabled by default.
...
Configuration is required both in DTP and in the OIDC server.
OIDC Server Configuration
If you have not already done so, register DTP with your OpenID Connect identity provider. You can get the values for the attributes used in the oidc.json file from the authorization server (Keycloak, connect2id, etc.).
Register the redirect URIs so that the OIDC server knows where to send the user after authentication. OIDC providers typically compare redirect URIs exactly, so register each one with the scheme, host, port and path that users actually reach DTP through. The following redirect URIs are required:
- <dtp_server>/pst/login/oauth2/code/dtp
- <dtp_server>/pstsec/login/oauth2/code/dtp (User Administration)
- <dtp_server>/grs/login/oauth2/code/dtp (required for Report Center/Enterprise Pack)
The following redirect URIs are optional and only need to be registered to enable logging in directly through the individual applications:
- <dtp_server>/tcm/login/oauth2/code/dtp (Team Server)
- <dtp_server>/licenseserver/login/oauth2/code/dtp (License Server)
- <data_collector>/login/oauth2/code/dtp (Data Collector)
DTP Configuration
Open the oidc.json file located in the <DTP_DATA_DIR>/conf directory to configure the OIDC provider properties used by DTP. For License Server, the equivalent file is located in the <LS_INSTALL>/data/conf directory.
```json
{
  "enabled": false,
  "issuerUri": "your issuer uri",
  "clientId": "your client id",
  "clientSecret": "your client secret",
  "scopes": ["openid", "profile", "email"],
  "claimMappings": {
    "username": "preferred_username",
    "firstName": "given_name",
    "lastName": "family_name",
    "email": "email"
  },
  "adminUsers": []
}
```
...
Attribute | Value | Description
---|---|---
enabled | boolean | Enables or disables OIDC authentication. Default is false.
issuerUri | string | The URI of the authorization server (the OIDC issuer). When the file is processed, /.well-known/openid-configuration is appended to this URI to build the complete discovery endpoint.
clientId | string | The public identifier registered for DTP with your OIDC provider.
clientSecret | string | The client secret for DTP.
encryptedClientSecret | string | The client secret for DTP as an encrypted string. You can use this attribute instead of clientSecret. This value can be encoded using the
scopes | array of strings | Defines the set of user information that the OIDC server will provide to the client. DTP primarily uses the values in this array to gain access to the user claims. Default is ["openid", "profile", "email"].
claimMappings | object | Maps DTP user attributes to the OIDC claims that carry them.
username | string | The OIDC claim mapped to the DTP username. Default is preferred_username.
firstName | string | The OIDC claim mapped to the user's first name. Default is given_name.
lastName | string | The OIDC claim mapped to the user's last name. Default is family_name.
email | string | The OIDC claim mapped to the user's email address. Default is email.
adminUsers | array of strings | Usernames of existing users in your organization that should be granted administrator privileges upon logging in.
Save your changes and restart DTP services after configuring the file.
When you go to the DTP login page, you are redirected to the OpenID Connect authentication interface. After entering your credentials, you are logged in and redirected back to DTP.
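As an added pre-restart check (example code written for this page, not part of the Parasoft documentation or product), the following Python script validates an oidc.json against the structure described above, builds the discovery URL that the issuer URI resolves to, and derives the redirect URIs to register from a DTP base URL. The sample configuration, the https://sso.example.com issuer and the https://dtp.example.com server address are constructed for illustration; the recommendation to prefer encryptedClientSecret over a plaintext clientSecret is hardening advice, not a product requirement.

```python
"""Sanity-check a DTP oidc.json before restarting DTP services.

Added example; not Parasoft code. Standard library only.
"""
import json
from urllib.parse import urlparse

# Constructed sample oidc.json. It deliberately omits the "openid" scope and
# keeps the secret in plaintext so the validator has something to report.
SAMPLE_OIDC_JSON = """
{
  "enabled": true,
  "issuerUri": "https://sso.example.com/realms/c2id/",
  "clientId": "dtp",
  "clientSecret": "change-me",
  "scopes": ["profile", "email"],
  "claimMappings": {
    "username": "preferred_username",
    "firstName": "given_name",
    "lastName": "family_name",
    "email": "email"
  },
  "adminUsers": ["admin1", "admin2"]
}
"""

REQUIRED_CLAIMS = ("username", "firstName", "lastName", "email")

# Redirect URI paths from the documentation above, relative to <dtp_server>.
# Data Collector uses its own base (<data_collector>/login/oauth2/code/dtp)
# and is therefore not derived here.
REDIRECT_PATHS = (
    ("/pst/login/oauth2/code/dtp", True),             # DTP
    ("/pstsec/login/oauth2/code/dtp", True),          # User Administration
    ("/grs/login/oauth2/code/dtp", True),             # Report Center / Enterprise Pack
    ("/tcm/login/oauth2/code/dtp", False),            # Team Server (optional)
    ("/licenseserver/login/oauth2/code/dtp", False),  # License Server (optional)
)


def discovery_url(issuer_uri: str) -> str:
    """issuerUri + /.well-known/openid-configuration, as the page describes.
    A trailing slash on the issuer is stripped so the path is not doubled."""
    return issuer_uri.rstrip("/") + "/.well-known/openid-configuration"


def redirect_uris(dtp_server: str, include_optional: bool = False) -> list[str]:
    """Redirect URIs to register at the identity provider for <dtp_server>."""
    base = dtp_server.rstrip("/")
    return [base + path for path, required in REDIRECT_PATHS
            if required or include_optional]


def validate_oidc_config(text: str) -> list[str]:
    """Return findings prefixed ERROR/WARN; an empty list means nothing to fix."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"ERROR: invalid JSON: {exc}"]
    if not isinstance(cfg, dict):
        return ["ERROR: top level must be a JSON object"]
    findings = []

    if not isinstance(cfg.get("enabled"), bool):  # "true" as a string is wrong
        findings.append("ERROR: 'enabled' must be a JSON boolean")

    issuer = cfg.get("issuerUri", "")
    parsed = urlparse(issuer)
    if parsed.scheme != "https" or not parsed.netloc:
        findings.append(f"ERROR: 'issuerUri' should be an absolute https URL, got {issuer!r}")
    if issuer.endswith("/.well-known/openid-configuration"):
        findings.append("ERROR: 'issuerUri' must be the issuer, not the discovery document URL")

    if not cfg.get("clientId"):
        findings.append("ERROR: 'clientId' is missing or empty")

    # Exactly one secret form should be present; plaintext is flagged as hardening advice.
    has_plain = bool(cfg.get("clientSecret"))
    has_encrypted = bool(cfg.get("encryptedClientSecret"))
    if has_plain and has_encrypted:
        findings.append("ERROR: set only one of 'clientSecret' or 'encryptedClientSecret'")
    elif not (has_plain or has_encrypted):
        findings.append("ERROR: no client secret configured")
    elif has_plain:
        findings.append("WARN: plaintext 'clientSecret'; prefer 'encryptedClientSecret' "
                        "and restrict read access to oidc.json")

    scopes = cfg.get("scopes", [])
    if not isinstance(scopes, list) or "openid" not in scopes:
        findings.append("ERROR: 'scopes' must be an array that includes 'openid'")

    mappings = cfg.get("claimMappings", {})
    mappings = mappings if isinstance(mappings, dict) else {}
    for claim in REQUIRED_CLAIMS:
        if not mappings.get(claim):
            findings.append(f"ERROR: claimMappings.{claim} is missing")

    if not isinstance(cfg.get("adminUsers", []), list):
        findings.append("ERROR: 'adminUsers' must be an array of usernames")
    return findings


if __name__ == "__main__":
    for finding in validate_oidc_config(SAMPLE_OIDC_JSON) or ["OK"]:
        print(finding)
    print(discovery_url(json.loads(SAMPLE_OIDC_JSON)["issuerUri"]))
    for uri in redirect_uris("https://dtp.example.com", include_optional=True):
        print(uri)
```

Point SAMPLE_OIDC_JSON at the real file contents and run the script before restarting DTP services; any ERROR finding means the login redirect will fail, and the printed redirect URIs can be pasted into the provider's client registration.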
Example Configurations
The following examples are intended to help you understand how to connect DTP to your identity and access management system. Refer to the documentation for your software for implementation details.
...
The following example demonstrates how to configure OpenID Connect for connect2id. Users must access DTP over HTTPS when using connect2id as the OpenID Connect provider.
In this example, c2id is the name of the realm. Two administrator users (admin1 and admin2) will be created.
...
When DTP is in OpenID Connect mode, you cannot access either DTP or Enterprise Pack APIs using basic authentication. Instead, you must pass an access token to the API endpoint in the request header using the Authorization property. The token is passed using the following format:
...