Configuring OpenID Connect Authentication

App Portal 2020 R1

OpenID is an open standard and decentralized authentication protocol which allows users to be authenticated by co-operating sites (known as relying parties) using a third-party service.

To configure OpenID Connect authentication for your App Portal site, perform the following steps:

To configure OpenID Connect authentication:

1. In your identity provider platform, provide this URL for redirecting to App Portal after sign in.

http://YOURAPPPORTALSERVER/esd/OpenIdSignOn.aspx

2. Obtain the Single sign-on URL, Authentication request end point, and Client ID from your identity provider.
3. Launch App Portal and open the Site Management > Settings > Single Sign-On view.
4. From the Single sign-on type list, select OpenID Connect. The OpenID Connect settings are listed.

5. Enter the Single sign-on URL, Authentication request end point, and Client ID that you obtained from your identity provider platform.
6. In the Redirect URL field, enter:

http://YOURAPPPORTALSERVER/esd/OpenIdSignOn.aspx

7. In the State field, enter any value that will be passed back to App Portal by the identity provider platform after login for validation. The State value helps to validate that the correct ID Token is received. Also, this value comes back as a key in the Form element.
8. In the Nonce field, enter any value that will be passed back to App Portal by the identity provider platform after login for validation. The Nonce value helps to validate that the correct ID Token is received. Also, it is used to mitigate replay attacks.
9. When the client application receives the ID Token from the identity provider platform, it is the responsibility of the client to validate the ID Token. This validation process involves a number of steps, which are performed when the Bypass token validation option is not selected. If you want to bypass token validation, select the Bypass token validation option.
10. Click Generate ‘Initiate Login URL’. The login URL is generated using the information provided.
11. Click Save to save the OpenID Connect details.
12. Copy the generated URL.
13. Return to the account settings page of your identity provider platform and paste the generated URL into the Initiate login URL field.
14. To configure IIS to use anonymous authentication instead of Windows authentication, perform the following steps.
a. Open IIS Manager and select the ESD virtual directory under Sites in the tree.

b. Double-click on Authentication to open the Authentication view.

c. Set Anonymous Authentication to Enabled, and set Windows Authentication to Disabled.
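
The kind of checks that OpenID Connect ID Token validation (step 9) involves, together with the State and Nonce comparisons from steps 7 and 8, shown as an added example that is not App Portal's own code. The form field names, the HS256 shared key, and every sample value are assumptions constructed for illustration; an identity provider that signs with RS256 would need its public key instead.

```python
import base64, hashlib, hmac, json, time

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _same(a, b):
    return hmac.compare_digest(str(a).encode(), str(b).encode())  # constant-time

def make_token(claims, key):
    """Build a constructed HS256 ID Token for the sample run (stands in for the IdP)."""
    signed = _b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64e(json.dumps(claims).encode())
    return signed + "." + _b64e(hmac.new(key, signed.encode(), hashlib.sha256).digest())

def validate_login_response(form, cfg, now=None):
    """Return the ID Token claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    if not _same(form.get("state", ""), cfg["state"]):  # State posted back (step 7)
        raise ValueError("state mismatch")
    try:
        head, body, sig = form.get("id_token", "").split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except ValueError as exc:
        raise ValueError("malformed id_token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; this also rejects "none"
        raise ValueError("unexpected alg")
    good = hmac.new(cfg["key"], f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not _same(sig, _b64e(good)):  # signature over header.payload
        raise ValueError("bad signature")
    if claims.get("iss") != cfg["issuer"]:  # token came from the expected IdP
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if cfg["client_id"] not in (aud if isinstance(aud, list) else [aud]):  # Client ID
        raise ValueError("audience mismatch")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    if not _same(claims.get("nonce", ""), cfg["nonce"]):  # Nonce check (step 8)
        raise ValueError("nonce mismatch")
    return claims

# Constructed sample configuration and claims (not values from any real tenant).
CFG = {"state": "st-123", "nonce": "n-456", "client_id": "app-portal",
       "issuer": "https://idp.example", "key": b"constructed-shared-secret"}
CLAIMS = {"iss": "https://idp.example", "aud": "app-portal", "sub": "alice",
          "exp": 2_000_000_000, "nonce": "n-456"}
```

Calling `validate_login_response({"state": "st-123", "id_token": make_token(CLAIMS, CFG["key"])}, CFG)` returns the claims; changing any one of the state, key, audience, expiry, or nonce raises a `ValueError` naming the check that failed.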
