Reference13r3:Services/OAuth2/Config: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 12: | Line 12: | ||
* Microsoft AD FS: leave scope empty | * Microsoft AD FS: leave scope empty | ||
* Microsoft Azure AD: use '''openid email''' as value (email doesn't seem to be always neccessary though ...) | * Microsoft Azure AD: use '''openid email''' as value (email doesn't seem to be always neccessary though ...) | ||
;Additional authorize URL query: additional parameters which control specific OAuth2 server settings (your string must start with an &!) | |||
* Microsoft AD FS: if you want to enforce a relogin on every login so that no previous session is used, you can configure '''&prompt=login''' | |||
;Redirect URI: This URI is not configurable, but must be configured inside your OpenID server. Your OpenID server will redirect to this URI after a successfull login. | ;Redirect URI: This URI is not configurable, but must be configured inside your OpenID server. Your OpenID server will redirect to this URI after a successfull login. | ||
;upn (unique email address): An optional mapping of the upn property inside the ID token. Some OpenID servers send a different name, e.g. '''email'''. You can open the configurations URL in your browser and check the claims_supported array. | ;upn (unique email address): An optional mapping of the upn property inside the ID token. Some OpenID servers send a different name, e.g. '''email'''. You can open the configurations URL in your browser and check the claims_supported array. | ||
* Microsoft AD FS: leave field empty | * Microsoft AD FS: leave field empty | ||
* Microsoft Azure AD: use '''email''' as value | * Microsoft Azure AD: use '''email''' as value | ||
Latest revision as of 13:54, 3 August 2023
The OAuth2 service can be used for logging-in to myApps using a Windows password. It connects to an OpenID server, e.g. a Windows AD FS installation.
- Enable
- Turns the OAuth2 service on or off.
- DNS name of this gateway
- The DNS name of the gateway. Must be also reachable over reverse proxies, if myApps is used from outside.
- OpenID well known configurations URL
- OpenID installations all have a so called "well-known" configurations URL which must be configured here, e.g. https://adfs.domain.com/adfs/.well-known/openid-configuration
The part /.well-known/openid-configuration is fixed and should always be available on your Open ID server.
- Client ID
- The client ID of the application group which must be configured inside your OpenID server.
- Scope
- a scope which is needed by some OpenID servers
- Microsoft AD FS: leave scope empty
- Microsoft Azure AD: use openid email as value (email doesn't seem to be always neccessary though ...)
- Additional authorize URL query
- additional parameters which control specific OAuth2 server settings (your string must start with an &!)
- Microsoft AD FS: if you want to enforce a relogin on every login so that no previous session is used, you can configure &prompt=login
- Redirect URI
- This URI is not configurable, but must be configured inside your OpenID server. Your OpenID server will redirect to this URI after a successfull login.
- upn (unique email address)
- An optional mapping of the upn property inside the ID token. Some OpenID servers send a different name, e.g. email. You can open the configurations URL in your browser and check the claims_supported array.
- Microsoft AD FS: leave field empty
- Microsoft Azure AD: use email as value