SSO UCS and OpenID

apiron · August 24, 2021, 3:54pm

Hello,

My company has a need for SSO. Hence I woudl like to add the OpenID app to create a SSO connector.

I have two UCS DC and when I want to connect to the admin console, I noticed I’m doing this via an sso url :

https://ucs-sso.example.org/simplesamlphp/module.php/core/ … I’m sparing you the whole url…

With this post, I just would like to be sure that both OpenId app and this url won’t break each other in any way.

If I missed something in the documentation, please point me the right way.

Thanks ahead !

peichert · August 25, 2021, 8:29am

Hello @apiron,

installing the OpenID Connect Provider App will not deactivate the existing Single Sign-On UCS Identity Provider with simplesamlphp, so you can use both in parallel.

Please be aware that they are different in their feature set:

Single Sign-On with OpenID Connect Provider

can only used for IdP initiated SSO
the transmitted information to SP in the Accecs Token is fixed and not configurable at the moment

Single Sign-On with SAML in UCS

will work with IdP initiated and SP initiated SSO
the transmitted information to SP can be configured in the SAML Identity Provider settings

apiron · August 25, 2021, 9:40am

Thank you very much for your answer.
We have a specific use for OpenId, so I’ll install it anyway as intended, but I will remember the difference between the two.

Thanks again !