Configure an OpenID Connect authentication

In this topic, you learn how to set up authentication via OpenID Connect and how to configure it in your Cockpit.

Prerequisites

  • There are no prerequisites.

Procedure

  1. In the Cockpit, go to Settings, and select System Settings.

  2. In the Authentication tab, select Edit.

  3. Select Add, and select OpenID Connect.

    Result: The Authentication window opens.

  4. In OpenID Connect, fill in or select the following fields:

    1. Enter a Name for the authentication.

    2. Select Active to activate this authentication method.

    3. Select Show on login page to display the authentication method on the login page.

    4. Enter a Description.

    5. Enter a Path to generate the endpoints for the authentication method.

    6. In Client ID, enter the ID of the client that is registered at your identity provider.

    7. Enter the Client Secret.

    8. Optionally, to send a reminder email to renew your client secret for OpenID Connect, turn on the switch Send Reminder Email before Expiry.

      If you turn on the switch, in Expiry Date, select the expiry date of the client secret. In Days before Expiry, select how many days before expiry of the client secret the email reminder should be sent; days are counted as 24-hour periods until midnight. In Send to Email Address, enter an email address of your choosing or one that corresponds to the email address you configure for the SMTP host in the Emailing tab.

    9. In Discovery URL, enter the URL of the well-known openid-configuration document of your identity provider.

    10. In Redirect Url, enter the URL that is used when the client is redirected back from the identity provider.

      The URL should look like domain/public/oidc_redirect.html.

  5. In Claims Assignment, select Add to add claims assignments.

  6. If required, in Auto Assignment, assign roles and groups that you have defined in the Role and Security Group tools in the Cockpit.

  7. Optional: In Custom Script, you can enter your own code to adjust the role assignment manually.

    1. Select OK.

  8. In System Settings, select Restart to activate the OpenID Connect authentication.

Results

  • You have configured and activated an OpenID Connect authentication.
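
The following added example (not part of the product or its documentation) shows one way to check the values for Discovery URL and Redirect Url before you enter them: it verifies that a discovery document contains the metadata that OpenID Connect Discovery 1.0 requires, that its issuer matches the URL it was retrieved from, and that the redirect URL has the shape given in the procedure. The function names, the host names, and the sample document are assumptions constructed for this example.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Provider metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(discovery_url, doc):
    """Return a list of problems with a discovery document (empty list = OK)."""
    if not discovery_url.endswith(SUFFIX):
        return ["Discovery URL does not end with " + SUFFIX]
    problems = ["missing required field: " + k for k in REQUIRED if k not in doc]
    # The issuer must equal the Discovery URL minus the well-known suffix;
    # otherwise the document may describe a different identity provider.
    expected = discovery_url[:-len(SUFFIX)]
    if str(doc.get("issuer", "")).rstrip("/") != expected:
        problems.append("issuer does not match Discovery URL: expected " + expected)
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlsplit(str(doc[key])).scheme != "https":
            problems.append(key + " is not an https URL")
    return problems

def check_redirect_url(redirect_url):
    """Check the Redirect Url against the shape domain/public/oidc_redirect.html."""
    parts = urlsplit(redirect_url)
    problems = []
    if parts.scheme != "https":  # assumption: the Cockpit is served over TLS
        problems.append("redirect URL is not https")
    if not parts.path.endswith("/public/oidc_redirect.html"):
        problems.append("path does not end with /public/oidc_redirect.html")
    if parts.query or parts.fragment:  # the documented shape has neither
        problems.append("redirect URL has a query string or fragment")
    return problems

# Constructed sample input; both host names are placeholders.
SAMPLE_URL = "https://idp.example.com/realms/demo" + SUFFIX
SAMPLE_DOC = json.loads("""{
  "issuer": "https://idp.example.com/realms/demo",
  "authorization_endpoint": "https://idp.example.com/realms/demo/auth",
  "token_endpoint": "https://idp.example.com/realms/demo/token",
  "jwks_uri": "https://idp.example.com/realms/demo/certs",
  "response_types_supported": ["code"],
  "subject_types_supported": ["public"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC))
    print(check_redirect_url("https://cockpit.example.com/public/oidc_redirect.html"))
```

To check a real identity provider, download its discovery document, load it with json.load, and pass it to check_discovery together with the URL you downloaded it from.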