Comment: Published by Scroll Versions from space FUNCTDEV and version SVC2023.2

...

  1. If you have not already done so, register User Administration with your OpenID Connect identity provider. You can get the values for the attributes used in the oidc.json file from the authorization server (Keycloak, connect2id, and so on).

  2. Register the necessary redirect URIs so that the OIDC server knows where to send the user after authentication. The <CTP_DIR>/em/login/oauth2/code/ctp URI should be registered.

...

Open the oidc.json file located in the <TOMCAT_DIR>/webapps/em/config directory to configure the OIDC provider properties used by CTP.

...

CTP Security XML File Configuration

CTP's applicationContext-security.xml file, found in the <TOMCAT_DIR>/webapps/em/WEB-INF/classes/META-INF/spring directory, contains the necessary elements to enable OAuth 2.0 authentication, though they are disabled by default in favor of form login authentication. You will need to uncomment the oauth2-login elements and comment out the form-login elements.

...

  • oidc.enabled=true
  • oidc.cli.mode=certificate
  • oidc.issuer.uri=[URI of the OpenID Connect server]
  • oidc.client.id=[ID provided by the OpenID Connect server]
  • oidc.client.secret=[password provided by OpenID Connect server]
  • oidc.scopes=[space-separated list of scopes used during authentication to authorize access to a user's details] The default is: openid profile offline_access.
  • oidc.keystore=[path to the keystore file that stores the certificate to authenticate the user on the OpenID Connect server; see note 1 below.]
  • oidc.keystore.alias=[alias to use to authenticate on the OpenID Connect server] You may need to configure this setting if your keystore file contains multiple entries.
  • oidc.keystore.password=[password to the keystore file; see note 2 below.]

...

{
  "enabled": false,
  "issuerUri": "https://login.microsoftonline.com/<tenantId-from-azure>/v2.0",
  "clientId": "<clientId-from-azure>",
  "clientSecret": "<clientSecret-from-azure>",
  "scopes": ["openid", "profile", "email"],
  "claimMappings": {
    "username": "name",
    "firstName": "given_name",
    "lastName": "family_name",
    "email": "email"
  },
  "adminUsers": ["admin1", "admin2"]
}
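The two registration steps above and the oidc.json layout are easy to get subtly wrong: a placeholder such as <clientId-from-azure> left in place, the openid scope dropped, a claim mapping missing, or a redirect URI registered at the identity provider that does not match the /em/login/oauth2/code/ctp path CTP actually uses. The following pre-deployment checker is an added example and is not part of the original documentation or of CTP itself. It assumes only the oidc.json keys shown on this page (enabled, issuerUri, clientId, clientSecret, scopes, claimMappings, adminUsers) and the redirect path given in step 2; the sample file contents and the base URL https://ctp.example.test are constructed for the example.

```python
from __future__ import annotations

import json
import re
from urllib.parse import urlparse

# Constructed sample oidc.json contents in the shape shown on the page, with the
# Azure placeholders still unfilled and two common mistakes (no "openid" scope,
# incomplete claim mappings) so the checker has something to report.
SAMPLE_OIDC_JSON = """{
  "enabled": true,
  "issuerUri": "https://login.microsoftonline.com/<tenantId-from-azure>/v2.0",
  "clientId": "<clientId-from-azure>",
  "clientSecret": "<clientSecret-from-azure>",
  "scopes": ["profile", "email"],
  "claimMappings": {"username": "name", "firstName": "given_name"},
  "adminUsers": ["admin1", "admin2"]
}"""

# An unfilled template value looks like "<something>"; real tenant ids, client ids
# and secrets never contain angle brackets.
PLACEHOLDER = re.compile(r"<[^>]+>")

# Claim mappings the page's example defines; assumed to all be required.
REQUIRED_CLAIMS = ("username", "firstName", "lastName", "email")


def redirect_uri(base_url: str) -> str:
    """Build the redirect URI that must be registered at the identity provider.

    The path is the one given in step 2 of the page; base_url is the external
    URL under which CTP is reached (a constructed value in the example).
    """
    return base_url.rstrip("/") + "/em/login/oauth2/code/ctp"


def check_oidc_config(cfg: dict) -> list[str]:
    """Return a list of problems found in a parsed oidc.json; empty means it passed."""
    problems: list[str] = []

    if not isinstance(cfg.get("enabled"), bool):
        problems.append("enabled must be true or false")

    # Required string values: present, non-empty, and not a leftover placeholder.
    for key in ("issuerUri", "clientId", "clientSecret"):
        value = cfg.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key} is missing")
        elif PLACEHOLDER.search(value):
            problems.append(f"{key} still contains a template placeholder")

    # The issuer is where tokens come from; it must be reached over TLS.
    issuer = cfg.get("issuerUri", "")
    if isinstance(issuer, str) and urlparse(issuer).scheme != "https":
        problems.append("issuerUri must use https")

    # Without the "openid" scope the provider performs plain OAuth 2.0, not OIDC.
    if "openid" not in cfg.get("scopes", []):
        problems.append("scopes must include openid")

    mappings = cfg.get("claimMappings", {})
    for claim in REQUIRED_CLAIMS:
        if claim not in mappings:
            problems.append(f"claimMappings is missing {claim}")

    return problems


def check_oidc_file_text(text: str) -> list[str]:
    """Parse raw oidc.json text and check it; a JSON syntax error is itself a problem."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"oidc.json is not valid JSON: {exc}"]
    return check_oidc_config(cfg)


if __name__ == "__main__":
    for problem in check_oidc_file_text(SAMPLE_OIDC_JSON):
        print("PROBLEM:", problem)
    print("register this redirect URI at the IdP:",
          redirect_uri("https://ctp.example.test"))
```

Run it against the real file before enabling OIDC (for example, `python check_oidc.py < oidc.json` after swapping the sample for `sys.stdin.read()`); the placeholder check is deliberately strict because a secret or tenant id that still reads `<...>` means the login flow will fail at the provider, not in CTP, where the error is harder to trace.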

...