QA: How to use and verify the different OpenID Connect SSO endpoints?

SSO with OpenID Connect Provider App is a bit different from SAML SSO

  1. While creating an OIDC service entry, the redirectURI must use https as the protocol; otherwise one gets an unknown client_id error.

  2. The OpenID Configuration is visible at:
    https://ucs-sso.{domain}.de/.well-known/openid-configuration

  3. Access the authorization_endpoint via https://oidcdebugger.com/:
    https://ucs-sso.{domain}.de/signin/v1/identifier/_/authorize

    response: authorization_code

  4. Access the token_endpoint with curl:

    curl -i -k -X POST "https://ucs-sso.{domain}.de/konnect/v1/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&code={authorization_code}&client_id={id}&client_secret={secret}&redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug"

    response:

    {
      "access_token": "...",
      "token_type": "Bearer",
      "id_token": "...",
      "expires_in": 600
    }

  5. Access the userinfo_endpoint with curl:

    curl -i -k -X POST https://ucs-sso.{domain}.de/konnect/v1/userinfo -H "accept: application/json" -H "Authorization: Bearer {access_token}"

    response:

    {
      "sub": "foo...bar@konnect"
    }
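The token exchange and the id_token check from the steps above, as an added Python example that is not part of the original post: token_request_body() builds the form body of step 4 (the percent-escaped redirect_uri the curl line spells out by hand), and check_id_token_claims() validates issuer, audience and expiry of the returned id_token against the values from the discovery document. The issuer, client id and sample token are hypothetical; signature verification against the keys at jwks_uri is left to a JWT library.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Hypothetical values standing in for the placeholders in the steps above.
ISSUER = "https://ucs-sso.example.test"   # issuer = https://ucs-sso.{domain}.de
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://oidcdebugger.com/debug"

def token_request_body(code, client_id, client_secret, redirect_uri=REDIRECT_URI):
    """Form body for the token_endpoint POST (step 4); urlencode() produces the
    percent-escaped redirect_uri that the curl line spells out by hand."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri})

def _b64url_decode(part):
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def check_id_token_claims(id_token, issuer, client_id, now=None):
    """List the claim problems in id_token (empty list = claims acceptable).
    Claims only: the RS256 signature must still be verified against the keys
    at the discovery document's jwks_uri before the token is trusted."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, _signature = id_token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all end up here
        return ["malformed JWT"]
    problems = []
    if header.get("alg") in (None, "none"):
        problems.append("unacceptable alg")
    if claims.get("iss") != issuer:
        problems.append("iss mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain client_id")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("exp missing or in the past")
    return problems

def sample_id_token(claims):
    """Constructed fixture only: RS256 header, given claims, dummy signature."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])
```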