View Source

In this section:

Configuring Within an IDE

If you are using Selenic within an IDE, the OpenID Connect preference panel allows you to configure the application to authenticate users via your OpenID Connect server. When enabled, OpenID Connect will be used instead of username and password for connecting to DTP, License Server, and SOAtest Server for creating API tests from traffic.

Go to Parasoft > Preferences and select OpenID Connect.
Check Enable.
Configure the following options:
- Issuer URI: The URI of your OpenID Connect server.
- Client ID: The ID registered on your OpenID Connect server.
- Callback host: The local callback host required to communicate with the OpenID Connect server. The following options are available:
  - localhost: The localhost address will be used for communication.
  - 127.0.0.1: The loopback IP address 127.0.0.1 will be used for communication.
- Callback port: The callback port number for communication with the OpenID Connect server. The following options are available:
  - Automatically select an open port: Automatically selects an open port (recommended).
  - Use port: Allows you to manually specify the port number.
- Callback timeout: Specifies, in seconds, the maximum time the browser will wait for user credentials.
Click Test Authentication or Apply to open the OpenID Connect authentication page in your browser.
Provide your credentials in the browser window that opens.
Close the browser window when the authentication confirmation appears and continue in the application.
Click Apply to apply the changes.

The Status panel shows the current OpenID Connect authentication status.

Azure Active Directory users: Enter the redirect URL configured above under "Mobile and desktop applications" in Azure AD. For example, if Callback host is set to "localhost" and Callback port is set to "Automatically select an open port" (the default values), you would enter "http://localhost/oauth2_callback" for the callback URL in Azure AD.

Configuring Outside an IDE

If you are using Selenic Agent or Analyzer outside of an IDE, configure your selenic.properties file as described below according to the authentication type you are using. The default is device code.

For device code authentication:

oidc.enabled=true
oidc.cli.mode=devicecode
oidc.issuer.uri=[URI of the OpenID Connect server]
oidc.client.id=[ID provided by the OpenID Connect server]
oidc.devicecode.token.file=[path to the custom token file containing user authentication information]

When "devicecode" mode is enabled, users are given a URL and device code to use to authenticate when soavirt.war or soatestcli is started. If the authentication is successful, the information is saved to a token file (the path to the file is stored in the oidc.devicecode.token.file setting) to be reused. If the information saved in the file becomes invalid, the user will need to authenticate again.

For certificate authentication:

oidc.enabled=true
oidc.cli.mode=certificate
oidc.issuer.uri=[URI of the OpenID Connect server]
oidc.client.id=[ID provided by the OpenID Connect server]
oidc.client.secret=[password provided by OpenID Connect server]
oidc.keystore=[path to the keystore file that stores the certificate to authenticate the user on the OpenID Connect server]
oidc.keystore.password=[password to the keystore file; see note below.]

We highly recommend that you use an encrypted password for oidc.keystore.password. You can run the selenic_analyzer.jar file with the -encodepass property to encrypt your password using AES 256-bit encryption. See -encodepass <password> for details. The command line tool will generate an encrypted string that you can use in the configuration file.