Reference13r3:Services/OAuth2/Config
The OAuth2 service can be used for logging in to myApps with a Windows password. It connects to an OpenID Connect server, e.g. a Windows AD FS installation.
- Enable
  - Turns the OAuth2 service on or off.
- DNS name of this gateway
  - The DNS name of the gateway. It must also be reachable through any reverse proxy if myApps is used from outside.
- OpenID well known configurations URL
  - All OpenID installations have a so-called "well-known" configuration URL, which must be configured here, e.g. https://adfs.domain.com/adfs/.well-known/openid-configuration. The part /.well-known/openid-configuration is fixed and should always be available on your OpenID server.
- Client ID
  - The client ID of the application group, which must be configured inside your OpenID server.
- Scope
  - A scope that is required by some OpenID servers.
    - Microsoft AD FS: leave scope empty
    - Microsoft Azure AD: use openid email as value (email doesn't seem to be always necessary though ...)
- Additional authorize URL query
  - Additional parameters that control specific OAuth2 server settings (your string must start with an &!).
    - Microsoft AD FS: if you want to enforce a fresh login on every login, so that no previous session is reused, you can configure &prompt=login
- Redirect URI
  - This URI is not configurable, but it must be registered inside your OpenID server. Your OpenID server will redirect to this URI after a successful login.
- upn (unique email address)
  - An optional mapping of the upn property inside the ID token. Some OpenID servers send it under a different claim name, e.g. email. You can open the configuration URL in your browser and check the claims_supported array.
    - Microsoft AD FS: leave field empty
    - Microsoft Azure AD: use email as value
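The checks an administrator would do by hand before saving this configuration (derive the well-known URL, confirm the discovery document uses HTTPS endpoints, confirm the configured upn claim appears in claims_supported, and confirm the additional query string starts with &) can be scripted. The following Python is an added example written for this page; it is not part of the innovaphone gateway or its firmware. The discovery document is a constructed sample with placeholder hostnames (`example.invalid`), the function names are the author's own, and the `state` parameter in the built authorize URL is the standard OAuth2 CSRF protection, not a field described on this page.

```python
import json
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample of a /.well-known/openid-configuration response.
# Hostnames are placeholders (example.invalid); this is not a real server.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://adfs.example.invalid/adfs",
  "authorization_endpoint": "https://adfs.example.invalid/adfs/oauth2/authorize/",
  "token_endpoint": "https://adfs.example.invalid/adfs/oauth2/token/",
  "jwks_uri": "https://adfs.example.invalid/adfs/discovery/keys",
  "claims_supported": ["aud", "iss", "iat", "exp", "sub", "upn", "email"]
}
""")

# Endpoints every usable discovery document must carry, all over HTTPS.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(base):
    """The well-known path is fixed; only the server base differs per installation."""
    return base.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(doc, upn_claim=None):
    """Return a list of problems found in a discovery document (empty list = OK).

    upn_claim is the claim name configured in the 'upn' field; None/empty means
    the default claim name 'upn' is expected (the AD FS case on this page).
    """
    problems = []
    for key in REQUIRED_KEYS:
        if key not in doc:
            problems.append(f"missing {key}")
            continue
        if urlsplit(doc[key]).scheme != "https":
            problems.append(f"{key} is not https")
    claim = upn_claim or "upn"
    supported = doc.get("claims_supported", [])
    # claims_supported is optional in the spec; only check it when present.
    if supported and claim not in supported:
        problems.append(f"claim '{claim}' not in claims_supported")
    return problems


def check_extra_query(extra):
    """The 'Additional authorize URL query' field must be empty or start with '&'."""
    if extra == "":
        return True
    return extra.startswith("&") and "=" in extra[1:]


def build_authorize_url(doc, client_id, redirect_uri, scope="", extra_query="", state=None):
    """Assemble an OAuth2 authorization request from the configured values.

    The additional query is appended verbatim (it already starts with '&'),
    so a malformed field would otherwise corrupt the URL; it is validated first.
    """
    if not check_extra_query(extra_query):
        raise ValueError("additional query must be empty or start with '&'")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,          # must match the URI registered at the IdP
        "state": state or secrets.token_urlsafe(16),  # standard CSRF binding (assumption)
    }
    if scope:
        params["scope"] = scope
    return doc["authorization_endpoint"] + "?" + urlencode(params) + extra_query


if __name__ == "__main__":
    print(discovery_url("https://adfs.domain.com/adfs"))
    print("AD FS mapping problems:", check_discovery(SAMPLE_DISCOVERY))
    print("Azure AD mapping problems:", check_discovery(SAMPLE_DISCOVERY, "email"))
    print(build_authorize_url(SAMPLE_DISCOVERY, "myapps",
                              "https://gw.example.invalid/oauth2/redirect",
                              scope="openid email", extra_query="&prompt=login"))
```

In practice the document would be fetched from the well-known URL instead of embedded; the checks are the same. A non-HTTPS endpoint or a missing claim name is caught before any user is sent to the identity provider, which is where a wrong upn mapping otherwise shows up as a login that succeeds at the IdP but fails at myApps.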