- 15 Nov 2024
Get started
- Updated on 15 Nov 2024
Basics about OpenID Connect (OIDC):
- OpenID provider (identity provider): the provider responsible for authentication.
- Relying party (service provider): Grassfish, which provides the IXM Platform service.
- End user: a user of the identity provider who wants to log in to the IXM Platform.
Preconditions
Before you start the OIDC setup, consider the following questions and preconditions:
- You need a unique username, for example an email address.
- You must determine whether the user should have access to the IXM Platform when the login against the identity provider is successful but the user doesn’t exist in the IXM Platform. Our recommendation is to allow this.
- Consider whether the login is only for one IXM Platform customer:
  - If so, you need to know the customer code.
  - If not, consider the following points:
    - Will the customer provide the IXM Platform customer code during the login (via user claims)?
    - Should you set up a separate OIDC login webservice for each IXM Platform customer code?
- Consider whether permissions are managed in the IXM Platform or whether the identity provider provides user groups and/or permission groups during the login (via user claims):
  - If they’re managed in the IXM Platform, what are the default user groups and permission groups if the user doesn’t exist?
  - You may have to create a basic user group and permission group without rights. After the first login, the administrator must assign the user to specific user groups and permission groups.
- A test user is required. This user should be in the call during the setup to provide information while testing the login.
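The decisions in the checklist above can be written down as a claims-to-account mapping. This is an added example, not Grassfish code or IXM Platform configuration. The `LoginPolicy` fields, the claim names (`email`, `customer`, `groups`), the `no-rights` group and the sample values are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class LoginPolicy:
    # Hypothetical settings, one per checklist question; not IXM Platform options.
    username_claim: str = "email"
    allow_unknown_users: bool = True            # the page recommends allowing this
    fixed_customer_code: Optional[str] = None   # set when the login serves one customer
    customer_code_claim: Optional[str] = None   # otherwise the claim carrying the code
    groups_claim: Optional[str] = None          # None: groups are managed in the platform
    default_groups: tuple = ("no-rights",)      # basic group without rights

def resolve_login(claims, policy, existing_users):
    """Map ID token claims (signature, issuer, audience already verified) to a decision.

    existing_users is a set of (customer_code, username) pairs.
    """
    username = claims.get(policy.username_claim)
    if not isinstance(username, str) or not username.strip():
        return {"allow": False, "reason": "missing username claim"}
    username = username.strip()

    customer = policy.fixed_customer_code
    if customer is None and policy.customer_code_claim:
        customer = claims.get(policy.customer_code_claim)
    if not isinstance(customer, str) or not customer:
        return {"allow": False, "reason": "no customer code"}

    known = (customer, username) in existing_users
    if not known and not policy.allow_unknown_users:
        return {"allow": False, "reason": "user not provisioned"}

    if policy.groups_claim:
        raw = claims.get(policy.groups_claim)
        # Missing or malformed claim yields no groups rather than a fallback.
        groups = sorted({g for g in raw if isinstance(g, str)}) if isinstance(raw, list) else []
    elif known:
        groups = None  # keep whatever the administrator assigned
    else:
        groups = list(policy.default_groups)
    return {"allow": True, "username": username, "customer": customer,
            "create_user": not known, "groups": groups}

# Constructed sample claims and policies.
SAMPLE = {"email": "test.user@example.com", "customer": "CUST1", "groups": ["editors", 7]}
SINGLE = LoginPolicy(fixed_customer_code="CUST1")
MULTI = LoginPolicy(customer_code_claim="customer", groups_claim="groups")
```

Running the test user's claims through such a mapping during the setup call shows which account, customer code and groups each policy choice produces.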