OpenID Connect (OIDC) user manager

You can allow users who already have an account in OpenID Connect (OIDC) user managers to connect to JMap Web and JMap NG applications using that account.

For detailed information on this protocol, visit the OpenID Connect 1.0 website.

Configuring an OIDC user manager is complex. Your organization’s IT department will provide the OIDC settings. The following table describes the settings related to JMap.

OIDC user manager

Friendly name

This name allows you to easily identify the OIDC user manager in JMap Server and identify the users from this manager.

Administrator password

An administrator is automatically created when this manager is used. You must enter the password of this account in this field.

Groups

Unlike with Active Directory and LDAP, user accounts from the OIDC manager are not known in advance because they are created as the users connect to a JMap Web or JMap NG application. That said, how can permissions be granted on JMap’s resources to users who are not known in advance? Groups that are defined in advance allow you to grant permissions related to JMap’s resources. When a user connects to a JMap application for the first time, OIDC assigns the user to one or more of the groups defined in Groups attribute based on the information in that user’s profile. Since the OIDC user manager is in read-only mode, you cannot create users or groups in JMap’s Users and Groups sections. This setting allows you to create groups by entering their names. Afterwards, you can grant permissions to these groups, which contain the users from OIDC. There must be an exact match between the names of the groups in OIDC and the groups you create using this setting. If a user connects to an application for the first time via OIDC and his/her profile indicates a group that doesn’t exist in JMap, the group will be created automatically and will be displayed in the Groups section.

Default group

Select the group to which you will assign all users who are not assigned to a group in OIDC (in Groups attribute). Example: you can create a group called Guests; all users who connect to a JMap Web or JMap NG application for the first time and whose OIDC profile doesn’t indicate a group will be assigned to this Guests group. You can grant access permissions to the Guests group for a specific project.

Button image

This image appears in the homepage of the JMap Web or JMap NG application and identifies the access to the OIDC manager to log in. Press Choose to select the image. The image must have a maximum size of 100*100 pixels.

Button label

This text appears in the identification button with the image.

SSO callback URL

Your IT department will provide this information.

Client name

The name given by JMap to the OIDC user manager. This name integrates and completes the URL of the OIDC manager.

Discovery URI

Your IT department will provide this information.

Client ID

Your IT department will provide this information.

Client secret

Your IT department will provide this information.

Scope

Your IT department will provide this information.

Response type

Your IT department will provide this information.

Response mode

Your IT department will provide this information.

Use nonce

Your IT department will provide this information.

With state

Your IT department will provide this information.

Disable PKCE

Your IT department will provide this information.

Username / ID attribute

Optional setting. Indicates the attribute containing the user name in OIDC. Your IT department will provide this information.

Email attribute

Optional setting. Indicates the attribute containing the email address in OIDC . Your IT department will provide this information.

First name attribute

Optional setting. Indicates the attribute containing the user’s first name in OIDC. Your IT department will provide this information.

Last name attribute

Optional setting. Indicates the attribute containing the user’s last name in OIDC. Your IT department will provide this information.

Groups attribute

Optional setting. Indicates the customizable attribute that allows you to define groups in OIDC to which the users are assigned. These groups are displayed in the Users and Groups sections in JMap. Your IT department will assist you with this setting.

Dernière mise à jour

K2 Geospatial 2022