forked from univention/openid-connect-provider
An OpenID Connect provider for UCS. Based on <a href="https://github.com/Kopano-dev/konnect">Kopano Konnect</a>.
<br>
<br>
Services can retrieve the provider's configuration options over HTTPS from the path /.well-known/openid-configuration on the hostname that is configured in the app settings. The default value after installing the app on a DC master and backup is https://ucs-sso.<UCS-domainname>/.well-known/openid-configuration. On other server roles, the meta information is available directly via the hostname.
<br>
<br>
New services can be added in the UMC LDAP browser module: in the container 'univention' and 'oidc', a new 'OpenID Connect relying party service' object can be added. Additionally, the udm command can be used:
<pre>
udm oidc/rpservice create --set name=<internal_name> \
--position cn=oidc,cn=univention,$(ucr get ldap/base) \
--set clientid=<client_identifier> \
--set clientsecret=<averylongpassword> \
--set trusted=yes \
--set applicationtype=web \
--set redirectURI=<URL_from_client_documentation>
</pre>
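A dry-run helper for the udm call above, added here as an example (not part of the original README or of the Univention project): it generates the client secret from /dev/urandom, checks the redirect URI, and prints the command for review instead of running it. The function names, the https-only and character rules, the 32-character minimum and the wiki.example.test values are assumptions of this example.

```shell
#!/bin/sh
# Added example: prepare a relying-party registration for the udm command above.
# Function names are hypothetical; only udm options shown in this README are used.

# 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_client_secret() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Example policy (assumption): accept only an exact https URL with no
# wildcard, fragment, space or '@' (userinfo) in it.
check_redirect_uri() {
    case "$1" in
        *'*'*|*'#'*|*' '*|*'@'*) return 1 ;;
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Example policy (assumption): name and client id use letters, digits, '.', '_', '-'
# so the printed command is safe to paste into a shell.
check_identifier() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the udm call for review (dry run); nothing is executed here.
# Args: name clientid redirectURI secret
build_rpservice_cmd() {
    check_identifier "$1" || { echo "bad name: $1" >&2; return 2; }
    check_identifier "$2" || { echo "bad clientid: $2" >&2; return 2; }
    check_redirect_uri "$3" || { echo "bad redirectURI: $3" >&2; return 3; }
    [ "${#4}" -ge 32 ] || { echo "client secret shorter than 32 chars" >&2; return 4; }
    printf '%s \\\n' "udm oidc/rpservice create --set name=$1" \
        '--position cn=oidc,cn=univention,$(ucr get ldap/base)' \
        "--set clientid=$2" \
        "--set clientsecret=$4" \
        '--set trusted=yes' \
        '--set applicationtype=web'
    printf '%s\n' "--set redirectURI='$3'"
}

# Constructed sample values.
secret=$(gen_client_secret)
build_rpservice_cmd wiki wiki-client 'https://wiki.example.test/oidc/callback' "$secret"
```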
Logs for the provider can be found in the app container's docker logs:
<pre>
univention-app logs openid-connect-provider
</pre>