OpenID Connect
To make OpenID Connect available, create an Infor Support Portal ticket to request that the feature set flag for STSIdpAuthentication be set to 1 for the tenants who require the feature.
Option | Description |
---|---|
Federated Single Sign On Using OIDC - OIDC Enabled | This flag enables or disables OpenID Connect. When disabled, the OpenID Connect page is disabled. |
Display Name | This option is displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page. |
Display Icon | This option is displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page. |
Import OIDC Metadata | |
Client ID | The client ID is generated from the identity provider and must be provided manually. |
Client Secret | The client secret is generated from the identity provider and must be provided manually. |
Issuer | This is the entity ID of the OpenID provider. |
Authorization Endpoint | This is the authorization endpoint of the OpenID provider that Infor OS uses to request a code as part of the OIDC flow. |
Token_EndPoint | This is the token endpoint of the OpenID provider to obtain an ID token and access token. |
jwks_uri | This is the endpoint that retrieves the keys to validate the signature of the ID token. |
userinfo_endpoint | If provided, this endpoint is called by Infor OS to retrieve the user profile information. |
Enable Identity Provider Single Logoff | This is an optional feature. When enabled, the application would log out from the identity provider. If this option is enabled, the end_session_endpoint becomes mandatory. |
end_session_endpoint | This is the property that provides the endpoint to be called for logging out the user from the identity provider. |
scopes_supported | Infor OS, while making an OpenID Connect request, includes email, profile and openid as the default scopes. If the request must include additional scopes, they must be provided as comma-separated values. |
Attribute Name | The attribute name, for example, username, email, first_name, last_name, is sent from the OpenID provider in the ID token or attributes from the User Info endpoint. |
EE user lookup field | This is a drop-down of the external entity properties to map the user lookup. |
Callback URL | This is the endpoint to which the OpenID provider returns the ID tokens. This URL is required by the OpenID provider when registering the client. |
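
The following pre-import check on identity provider metadata is an added example, not Infor code. It applies the rules in the table above: the default scopes plus comma-separated additions, and end_session_endpoint becoming mandatory when single logoff is enabled. The function names, the sample metadata and the idp.example.com host are assumptions, as is reading the provider's own scopes_supported list as the set of scopes it advertises.

```python
from urllib.parse import urlparse

# Default scopes the table says Infor OS always includes.
DEFAULT_SCOPES = ["email", "profile", "openid"]
# Metadata keys that correspond to fields on the OpenID Connect page.
REQUIRED = ["issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"]

def build_scopes(additional_csv=""):
    """Merge the default scopes with comma-separated additional scopes."""
    scopes = list(DEFAULT_SCOPES)
    for s in additional_csv.split(","):
        s = s.strip()
        if s and s not in scopes:
            scopes.append(s)
    return scopes

def check_metadata(meta, single_logoff=False, additional_scopes=""):
    """Return a list of problems found in provider metadata (hypothetical helper)."""
    required = REQUIRED + (["end_session_endpoint"] if single_logoff else [])
    problems = [f"missing {k}" for k in required if not meta.get(k)]
    # OpenID Connect Discovery requires https for these URLs.
    for key, value in meta.items():
        is_url = key.endswith("_endpoint") or key == "jwks_uri"
        if is_url and value:
            u = urlparse(value)
            if u.scheme != "https" or not u.netloc:
                problems.append(f"{key} is not an https URL")
    # Assumption: the provider's scopes_supported lists what it will accept.
    supported = meta.get("scopes_supported")
    if supported:
        for s in build_scopes(additional_scopes):
            if s not in supported:
                problems.append(f"scope {s} not in scopes_supported")
    return problems

# Constructed sample metadata; idp.example.com is a placeholder host.
SAMPLE = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "userinfo_endpoint": "http://idp.example.com/userinfo",
    "scopes_supported": ["openid", "email", "profile"],
}

if __name__ == "__main__":
    for p in check_metadata(SAMPLE, single_logoff=True, additional_scopes="groups"):
        print(p)
```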