QA: How to use and verify the different OpenID Connect SSO endpoints?

peichert · September 15, 2021, 3:34pm

SSO with OpenID Connect Provider App is a bit different from SAML SSO

While creating a OIDC service entry the redirectURI must have https as the protocol, otherwise one get a unknown client_id error
The OpenID Configuration is visible at:
https://ucs-sso.{domain}.de/.well-known/openid-configuration
Access to authorization_endpoint with https://oidcdebugger.com/
https://ucs-sso.{domain}.de/signin/v1/identifier/_/authorize

response: authorization_code
Access to token_endpoint with curl

curl -i -k -X POST "https://ucs-sso.{domain}.de/konnect/v1/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&code={authorization_code}&client_id={id}&client_secret={secret}&redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug"

response:

{
  "access_token": "...",
  "token_type": "Bearer",
  "id_token": "...",
  "expires_in": 600
}

Access to userinfo_endpoint with curl

curl -i -k -X POST https://ucs-sso.{domain}.de/konnect/v1/userinfo -H "accept: application/json" -H "Authorization: Bearer {access_token}"

response:

{
  "sub": "foo...bar@konnect"
}

peichert · September 15, 2021, 4:34pm

This topic was automatically closed after 60 minutes. New replies are no longer allowed.