OpenID Connect

Option	Description
Display Name	This option is displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page.
Display Icon	This option is displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page.
Import OIDC Metadata	FROM FILE: allows file types with .json extensions FROM URL: provides the well-known endpoint of the OpenID Provider; all endpoints are imported into IFS All the endpoints can be added manually too The file with a .json extension is parsed, and the following input fields on this page are automatically completed: Issuer Authorization_Endpoint Token_Endpoint Jwks_uri Userinfo_Endpoint Verify the inputs and add any additional information required If you are not importing OIDC metadata, enter the following information manually
Client ID	The client ID is generated from the identity provider and must be provided manually.
Client Secret	The client secret is generated from the identity provider and must be provided manually.
Issuer	This is the entity ID of the OpenID provider.
Authorization Endpoint	This is the authorization endpoint of the OpenID provider for Infor OS to request for a code as part of the OIDC flow.
Token_EndPoint	This is the token endpoint of the OpenID provider to obtain an ID token and access token.
jwks_uri userinfo_endpoint	This is the endpoint that retrieves the keys to validate the signature of the ID token. If provided, this endpoint is called by Infor OS to retrieve the user profile information.
Enable Identity Provider Single Logoff	This is an optional feature. When enabled, the application would log out from the identity provider. If this option is enabled, the end_session_endpoint becomes mandatory.
end_session_endpoint	This is the property that provides the endpoint to be called for logging out the user from the identity provider.
scopes_supported	Infor OS, while making an OpenID connect request, includes the email,profile and openid as the default scopes. If the request must include additional scopes, they must be provided as comma separated values.
Attribute Name	The attribute name, for example, username, email, first_name, last_name, is sent from the OpenID provider in the ID token or attributes from the User Info endpoint.
EE user lookup field	This a drop-down of the external entity properties to map the userlookup..
Callback URL	This is the endpoint to which the OpenID provider returns the ID tokens. This URL is required by the OPENID provider when registering the client.

Display Name

This option is displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page.

Display Icon

This option is displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page.

Import OIDC Metadata

FROM FILE: allows file types with .json extensions
FROM URL: provides the well-known endpoint of the OpenID Provider; all endpoints are imported into IFS
All the endpoints can be added manually too
The file with a .json extension is parsed, and the following input fields on this page are automatically completed:
- Issuer
- Authorization_Endpoint
- Token_Endpoint
- Jwks_uri
- Userinfo_Endpoint
Verify the inputs and add any additional information required
If you are not importing OIDC metadata, enter the following information manually

Client ID

The client ID is generated from the identity provider and must be provided manually.

Client Secret

The client secret is generated from the identity provider and must be provided manually.

Issuer

This is the entity ID of the OpenID provider.

Authorization Endpoint

This is the authorization endpoint of the OpenID provider for Infor OS to request for a code as part of the OIDC flow.

Token_EndPoint

This is the token endpoint of the OpenID provider to obtain an ID token and access token.

jwks_uri userinfo_endpoint

This is the endpoint that retrieves the keys to validate the signature of the ID token.

If provided, this endpoint is called by Infor OS to retrieve the user profile information.

Enable Identity Provider Single Logoff

This is an optional feature. When enabled, the application would log out from the identity provider.

If this option is enabled, the end_session_endpoint becomes mandatory.

end_session_endpoint

This is the property that provides the endpoint to be called for logging out the user from the identity provider.

scopes_supported

Infor OS, while making an OpenID connect request, includes the email,profile and openid as the default scopes. If the request must include additional scopes, they must be provided as comma separated values.

Attribute Name

The attribute name, for example, username, email, first_name, last_name, is sent from the OpenID provider in the ID token or attributes from the User Info endpoint.

EE user lookup field

This a drop-down of the external entity properties to map the userlookup..

Callback URL

This is the endpoint to which the OpenID provider returns the ID tokens. This URL is required by the OPENID provider when registering the client.