SSO with the OpenID Connect Provider App is a bit different from SAML SSO:

- While creating an OIDC service entry, the redirectURI must have https as the protocol, otherwise one gets an "unknown client_id" error.

- The OpenID Configuration is visible at:
  https://ucs-sso.{domain}.de/.well-known/openid-configuration

- Access to the authorization_endpoint with https://oidcdebugger.com/:
  https://ucs-sso.{domain}.de/signin/v1/identifier/_/authorize
  response: authorization_code

- Access to the token_endpoint with curl:
  curl -i -k -X POST "https://ucs-sso.{domain}.de/konnect/v1/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&code={authorization_code}&client_id={id}&client_secret={secret}&redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug"
  response:
  {
    "access_token": "...",
    "token_type": "Bearer",
    "id_token": "...",
    "expires_in": 600
  }

- Access to the userinfo_endpoint with curl:
  curl -i -k -X POST https://ucs-sso.{domain}.de/konnect/v1/userinfo -H "accept: application/json" -H "Authorization: Bearer {access_token}"
  response:
  {
    "sub": "foo...bar@konnect"
  }
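The three steps above (authorize, token exchange, userinfo) as one script, added here as an example; it is not part of the original post and not Univention's code. It reproduces the requests the curl commands make, enforces the https-only redirect URI the first bullet warns about, and adds the checks a relying party must do on the returned id_token (iss, aud, exp and nonce). The issuer, client id, client secret and the sample token response are assumed or constructed so the script runs offline; the -k in the curl commands skips certificate checks, which urllib does not do, so the live requests here verify TLS by default. The id_token signature is deliberately not verified by this script; that needs the keys from the discovery document's jwks_uri.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

ISSUER = "https://ucs-sso.example.com"           # assumption: your ucs-sso.{domain} host
CLIENT_ID = "example-client-id"                  # assumption: the OIDC service entry's id
CLIENT_SECRET = "example-client-secret"          # assumption: its secret
REDIRECT_URI = "https://oidcdebugger.com/debug"  # the redirect_uri used in the post


def discovery_url(issuer: str) -> str:
    """Where the OpenID Configuration document lives (see the post)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_redirect_uri(uri: str) -> str:
    """Catch the post's pitfall early: a non-https redirect URI yields 'unknown client_id'."""
    if urllib.parse.urlsplit(uri).scheme != "https":
        raise ValueError(f"redirect_uri must use https, got {uri!r}")
    return uri


def build_authorize_url(authorization_endpoint, client_id, redirect_uri, state, nonce):
    """Step 1: the URL the browser (or oidcdebugger.com) sends the user to."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": check_redirect_uri(redirect_uri),
        "scope": "openid",
        "state": state,  # tied to the browser session, compared on return
        "nonce": nonce,  # echoed inside the id_token, compared in check_id_token_claims
    }
    return authorization_endpoint + "?" + urllib.parse.urlencode(params)


def token_request(token_endpoint, code, client_id, client_secret, redirect_uri):
    """Step 2: the same POST body as the post's curl, as a urllib Request (TLS verified)."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    }).encode()
    return urllib.request.Request(token_endpoint, data=body, method="POST",
                                  headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw: str) -> dict:
    """Check the token endpoint's JSON has the fields shown in the post before using it."""
    data = json.loads(raw)
    missing = [k for k in ("access_token", "token_type", "id_token", "expires_in") if k not in data]
    if missing:
        raise ValueError(f"token response lacks {missing}")
    if data["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type {data['token_type']!r}")
    return data


def id_token_claims(id_token: str) -> dict:
    """Decode the id_token payload only; the signature must be checked with the jwks_uri keys."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_id_token_claims(claims, issuer, client_id, nonce, now=None) -> bool:
    """The claim checks OIDC Core requires of the client: iss, aud, exp and nonce."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    return (claims.get("iss") == issuer and client_id in aud
            and claims.get("exp", 0) > now and claims.get("nonce") == nonce)


def userinfo_request(userinfo_endpoint, access_token):
    """Step 3: the userinfo call from the post (OIDC allows GET or POST here)."""
    return urllib.request.Request(userinfo_endpoint, method="POST",
                                  headers={"Accept": "application/json",
                                           "Authorization": f"Bearer {access_token}"})


# Constructed sample data so the flow can be exercised without a server.
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

SAMPLE_NOW = 1_700_000_000
SAMPLE_ID_TOKEN = ".".join([
    _b64url(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url(json.dumps({"iss": ISSUER, "aud": CLIENT_ID, "sub": "foo...bar@konnect",
                        "nonce": "n-1", "iat": SAMPLE_NOW, "exp": SAMPLE_NOW + 600}).encode()),
    "placeholder-signature",  # constructed; a real token carries an RS256 signature here
])
SAMPLE_TOKEN_RESPONSE = json.dumps({"access_token": "sample-access-token", "token_type": "Bearer",
                                    "id_token": SAMPLE_ID_TOKEN, "expires_in": 600})

if __name__ == "__main__":
    print(build_authorize_url(ISSUER + "/signin/v1/identifier/_/authorize",
                              CLIENT_ID, REDIRECT_URI, "s-1", "n-1"))
    tokens = parse_token_response(SAMPLE_TOKEN_RESPONSE)
    claims = id_token_claims(tokens["id_token"])
    print("id_token claims ok:", check_id_token_claims(claims, ISSUER, CLIENT_ID, "n-1", SAMPLE_NOW))
    print("userinfo:", userinfo_request(ISSUER + "/konnect/v1/userinfo", tokens["access_token"]).full_url)
```

Against a real server, send the Request objects with urllib.request.urlopen and pass the token endpoint's body to parse_token_response; the state and nonce values must be generated per login (for example with secrets.token_urlsafe) and compared on the way back, and the id_token signature must be verified with the provider's published keys before its claims are trusted.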