OpenID Connect (OIDC) user manager
You can allow users who already have an account in OpenID Connect (OIDC) user managers to connect to JMap Web and JMap NG applications using that account.
For detailed information on this protocol, visit the OpenID Connect 1.0 website.
Configuring an OIDC user manager is complex. Your organization’s IT department will provide the OIDC settings. The following table describes the settings related to JMap.
OIDC user manager |
Friendly name | This name allows you to easily identify the OIDC user manager in JMap Server and identify the users from this manager. |
Administrator password | An administrator is automatically created when this manager is used. You must enter the password of this account in this field. |
Groups | Unlike with Active Directory and LDAP, user accounts from the OIDC manager are not known in advance because they are created as the users connect to a JMap Web or JMap NG application. That said, how can permissions be granted on JMap’s resources to users who are not known in advance? Groups that are defined in advance allow you to grant permissions related to JMap’s resources. When a user connects to a JMap application for the first time, OIDC assigns the user to one or more of the groups defined in the Groups attribute, based on the information in that user’s profile. Since the OIDC user manager is in read-only mode, you cannot create users or groups in JMap’s Users and Groups sections. This setting allows you to create groups by entering their names. Afterwards, you can grant permissions to these groups, which contain the users from OIDC. There must be an exact match between the names of the groups in OIDC and the groups you create using this setting. If a user connects to an application for the first time via OIDC and their profile indicates a group that doesn’t exist in JMap, the group will be created automatically and will be displayed in the Groups section. |
Default group | Select the group to which you will assign all users who are not assigned to a group in OIDC (in the Groups attribute). Example: you can create a group called Guests; all users who connect to a JMap Web or JMap NG application for the first time and whose OIDC profile doesn’t indicate a group will be assigned to this Guests group. You can grant access permissions to the Guests group for a specific project. |
Button image | This image appears on the homepage of the JMap Web or JMap NG application and identifies the button used to log in through the OIDC manager. Press Choose to select the image. The image must have a maximum size of 100 |
Button label | This text appears in the identification button with the image. |
SSO callback URL | Your IT department will provide this information. |
Client name | The name given by JMap to the OIDC user manager. This name becomes part of the URL of the OIDC manager and completes it. |
Discovery URI | Your IT department will provide this information. |
Client ID | Your IT department will provide this information. |
Client secret | Your IT department will provide this information. |
Scope | Your IT department will provide this information. |
Response type | Your IT department will provide this information. |
Response mode | Your IT department will provide this information. |
Use nonce | Your IT department will provide this information. |
With state | Your IT department will provide this information. |
Disable PKCE | Your IT department will provide this information. |
Username / ID attribute | Optional setting. Indicates the attribute containing the user name in OIDC. Your IT department will provide this information. |
Email attribute | Optional setting. Indicates the attribute containing the email address in OIDC. Your IT department will provide this information. |
First name attribute | Optional setting. Indicates the attribute containing the user’s first name in OIDC. Your IT department will provide this information. |
Last name attribute | Optional setting. Indicates the attribute containing the user’s last name in OIDC. Your IT department will provide this information. |
Groups attribute | Optional setting. Indicates the customizable attribute that allows you to define groups in OIDC to which the users are assigned. These groups are displayed in the Users and Groups sections in JMap. Your IT department will assist you with this setting. |
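
The first-login group assignment described in the Groups, Default group and Groups attribute rows, modeled as an added Python example (it is not JMap's code). The claim name `groups`, the sample profiles and the group names are constructed, and reading "exact match" as case-sensitive is an assumption.

```python
# Added illustration, not JMap code: models the first-login group assignment
# described in the Groups, Default group and Groups attribute rows.
# Assumptions: the claim name "groups", the group names, and a case-sensitive
# comparison as the reading of "exact match".

def claim_groups(profile, groups_attribute):
    """Return the group names found in the profile's groups attribute."""
    value = profile.get(groups_attribute)
    if value is None:
        return []
    if isinstance(value, str):  # accept a single string as one group
        value = [value]
    return [g for g in value if isinstance(g, str) and g.strip()]


def assign_on_first_login(profile, groups_attribute, known_groups, default_group):
    """Return (assigned, auto_created) for a user connecting for the first time.

    known_groups is updated in place to mirror automatic group creation.
    """
    names = claim_groups(profile, groups_attribute)
    if not names:
        return [default_group], []  # no group in the profile: default group
    auto_created = []
    for name in names:
        if name not in known_groups:  # no exact match with a predefined group
            known_groups.add(name)
            auto_created.append(name)
    return names, auto_created


def audit(profiles, groups_attribute, predefined, default_group):
    """Report, per user, the assigned groups and any group created on the fly."""
    known = set(predefined)
    report = {}
    for user, profile in profiles.items():
        assigned, created = assign_on_first_login(
            profile, groups_attribute, known, default_group)
        report[user] = {"assigned": assigned, "auto_created": created}
    return report


# Constructed sample profiles (not real data).
SAMPLE_PROFILES = {
    "alice": {"email": "alice@example.org", "groups": ["Editors"]},
    "bob": {"email": "bob@example.org", "groups": ["editors"]},  # case mismatch
    "carol": {"email": "carol@example.org"},  # no groups attribute
}

if __name__ == "__main__":
    for user, row in audit(SAMPLE_PROFILES, "groups", {"Editors", "Guests"}, "Guests").items():
        print(user, row)
```

A non-empty `auto_created` list for a user means the group name sent by OIDC matched none of the groups defined in advance, so it is worth comparing that name against the Groups setting before granting permissions.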