OpenID Connect

This table describes the options on the Federated Security OpenID Connect tab.

Display Name
  The name shown to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page.

Display Icon
  The icon shown to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page.

Import OIDC Metadata
  • FROM FILE: accepts a file with a .json extension.
  • FROM URL: provide the well-known (discovery) endpoint of the OpenID Provider; all endpoints are imported into IFS.
  • All endpoints can also be added manually.
  • The .json file is parsed and the following input fields on this page are completed automatically:
    • Issuer
    • Authorization_Endpoint
    • Token_Endpoint
    • Jwks_uri
    • Userinfo_Endpoint
  • Verify the imported values and add any additional information required.
  • If you are not importing OIDC metadata, enter the following information manually.

Client ID
  The client ID is generated by the identity provider and must be entered manually.

Client Secret
  The client secret is generated by the identity provider and must be entered manually. Treat it as a credential: it authenticates Infor OS to the token endpoint.

Issuer
  The entity ID (issuer identifier) of the OpenID provider. The iss claim of every ID token received must match this value exactly.

Authorization Endpoint
  The authorization endpoint of the OpenID provider, from which Infor OS requests an authorization code as part of the OIDC flow.

Token_EndPoint
  The token endpoint of the OpenID provider, at which the authorization code is exchanged for an ID token and an access token.

jwks_uri
  The endpoint from which the keys used to validate the signature of the ID token are retrieved.

userinfo_endpoint
  If provided, this endpoint is called by Infor OS to retrieve the user profile information.

Enable Identity Provider Single Logoff
  Optional. When enabled, the application also logs the user out from the identity provider. If this option is enabled, end_session_endpoint becomes mandatory.

end_session_endpoint
  The endpoint called to log the user out from the identity provider.

scopes_supported
  Infor OS includes openid, profile and email as the default scopes in every OpenID Connect request. If the request must include additional scopes, provide them as comma-separated values.

Attribute Name
  The name of the attribute (for example username, email, first_name, last_name) as sent by the OpenID provider in the ID token or returned from the UserInfo endpoint.

EE user lookup field
  A drop-down of the external entity properties used to map the user lookup.

Callback URL
  The endpoint to which the OpenID provider returns the authentication response (the code, and ultimately the ID token). This URL must be registered with the OpenID provider as the client's redirect URI when the client is registered.
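The following Python script is an added example, not part of the Infor OS documentation or product code. It shows the checks an administrator would want when importing OIDC metadata from a provider's well-known endpoint and when composing the first request of the flow: it parses a constructed discovery document (the provider name idp.example.com, the client ID and the callback URL are assumptions), requires the five fields the tab imports, rejects non-https endpoints, confirms the issuer matches the value expected, enforces end_session_endpoint when Single Logoff is enabled, merges additional comma-separated scopes with the default openid, profile and email, and builds the authorization request sent to the Authorization Endpoint.

```python
"""Import OIDC discovery metadata and build the authorization request (added example)."""
import json
from urllib.parse import urlencode, urlparse

# Constructed sample of the document served at
# https://<provider>/.well-known/openid-configuration. Not a real provider.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "jwks_uri": "https://idp.example.com/.well-known/jwks.json",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "end_session_endpoint": "https://idp.example.com/oauth2/logout",
    "scopes_supported": ["openid", "profile", "email", "groups"],
})

# Fields the Import OIDC Metadata action fills in; userinfo_endpoint is optional.
IMPORTED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
                   "jwks_uri", "userinfo_endpoint")
OPTIONAL_FIELDS = {"userinfo_endpoint"}
DEFAULT_SCOPES = ("openid", "profile", "email")


def _require_https(name, url):
    """Every endpoint handed to the client must be an absolute https URL."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"{name} must be an absolute https URL, got {url!r}")


def import_metadata(doc, expected_issuer=None, single_logoff=False):
    """Parse a discovery document and return the values the tab would hold.

    Raises ValueError when a required field is missing, an endpoint is not
    https, the issuer differs from the expected one, or Single Logoff is
    enabled without an end_session_endpoint.
    """
    data = json.loads(doc)
    result = {}
    for field in IMPORTED_FIELDS:
        value = data.get(field)
        if value is None and field in OPTIONAL_FIELDS:
            result[field] = None
            continue
        if not isinstance(value, str) or not value:
            raise ValueError(f"discovery document is missing required field {field!r}")
        _require_https(field, value)
        result[field] = value

    # The issuer in the document must be the provider we meant to configure;
    # the iss claim of every ID token is later compared against this value.
    if expected_issuer is not None and result["issuer"] != expected_issuer:
        raise ValueError(f"issuer mismatch: expected {expected_issuer!r}, "
                         f"document says {result['issuer']!r}")

    end_session = data.get("end_session_endpoint")
    if single_logoff:
        if not end_session:
            raise ValueError("Single Logoff is enabled but the document has no end_session_endpoint")
        _require_https("end_session_endpoint", end_session)
    result["end_session_endpoint"] = end_session
    return result


def build_scopes(extra_csv=""):
    """Default scopes plus the comma-separated extras, deduplicated, space-joined."""
    scopes = list(DEFAULT_SCOPES)
    for scope in extra_csv.split(","):
        scope = scope.strip()
        if scope and scope not in scopes:
            scopes.append(scope)
    return " ".join(scopes)


def build_authorization_url(meta, client_id, callback_url, state, nonce, extra_scopes=""):
    """Compose the code-flow request to the Authorization Endpoint.

    state binds the response to this browser session; nonce is echoed in the
    ID token and must be checked there. callback_url must equal the redirect
    URI registered with the provider.
    """
    _require_https("callback URL", callback_url)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": callback_url,
        "scope": build_scopes(extra_scopes),
        "state": state,
        "nonce": nonce,
    }
    return meta["authorization_endpoint"] + "?" + urlencode(params)


if __name__ == "__main__":
    meta = import_metadata(SAMPLE_METADATA, expected_issuer="https://idp.example.com",
                           single_logoff=True)
    print(build_authorization_url(meta, "infor-os-client", "https://infor.example.com/callback",
                                  "state-123", "nonce-456", "groups"))
```

The same parsing path applies to FROM FILE import; only the source of the JSON text differs. Running the script with an issuer other than the one expected, or with Single Logoff enabled against a document lacking end_session_endpoint, fails before any request is sent, which is the point at which a misconfiguration is cheapest to catch.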