Basics about OpenID Connect (OIDC):
OpenID provider (identity provider): the provider that is responsible for authenticating the user.
Relying party (service provider): Grassfish, which provides the service IXM One.
End user: a user of the identity provider who wants to log in to IXM One.
Preconditions
Note
Check the release notes to learn more about OIDC versions.
Before you start the OIDC setup, consider the following questions and preconditions:
You need a unique username. For example, an email address.
You must determine whether the user should have access to IXM One when the login against the identity provider is successful but the user doesn’t exist in IXM One. Our recommendation is to allow this.
Consider whether the login is only for one IXM One customer:
If so, you need to know the customer code.
If not, consider the following points:
Will the customer provide the IXM One customer code during the login (via user claims)?
Should you set up a separate OIDC login web service for each IXM One customer code?
Consider whether permissions are managed in IXM One or whether the identity provider provides user groups and/or permission groups during the login (via user claims):
If they’re managed in IXM One, what are the default user groups and permission groups for a user who doesn’t exist yet?
You may have to create a basic user group and permission group without rights. After the first login, the administrator must assign the user to the specific user groups and permission groups.
A test user is required. This user should be on the call during the setup to provide information while testing the login.
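The questions above define a small decision matrix (username claim, unknown-user handling, customer code source, group source). The following added example, which is not Grassfish code and uses hypothetical claim names, policy fields and group names, shows that matrix applied to the claims of a successful identity-provider login:

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class OidcLoginPolicy:
    # All field names are hypothetical; they mirror the preconditions, not IXM One settings.
    username_claim: str = "email"                   # unique username, e.g. the email address
    allow_unknown_users: bool = True                # recommended: admit users missing in IXM One
    fixed_customer_code: Optional[str] = None       # set when the login serves one customer only
    customer_code_claim: Optional[str] = None       # otherwise the claim carrying the customer code
    user_groups_claim: Optional[str] = None         # set when the IdP supplies user groups
    permission_groups_claim: Optional[str] = None   # set when the IdP supplies permission groups
    default_user_groups: tuple = ("basic-users",)   # placeholder group without rights
    default_permission_groups: tuple = ("no-rights",)

def resolve_login(claims: dict, policy: OidcLoginPolicy, existing_users: set) -> dict:
    """Decide whether a login is admitted and which customer/groups apply."""
    username = claims.get(policy.username_claim)
    if not username:
        return {"allowed": False, "reason": f"missing {policy.username_claim} claim"}
    # Customer code: fixed per web service, or taken from a user claim.
    if policy.fixed_customer_code:
        customer = policy.fixed_customer_code
    elif policy.customer_code_claim:
        customer = claims.get(policy.customer_code_claim)
        if not customer:
            return {"allowed": False, "reason": "missing customer code claim"}
    else:
        return {"allowed": False, "reason": "no customer code source configured"}
    is_new = username not in existing_users
    if is_new and not policy.allow_unknown_users:
        return {"allowed": False, "reason": "unknown user and auto-provisioning disabled"}
    # Groups: from the IdP claims if configured, else defaults for new users,
    # else left unchanged (managed by the IXM One administrator).
    user_groups = list(claims.get(policy.user_groups_claim, [])) if policy.user_groups_claim \
        else (list(policy.default_user_groups) if is_new else None)
    perm_groups = list(claims.get(policy.permission_groups_claim, [])) if policy.permission_groups_claim \
        else (list(policy.default_permission_groups) if is_new else None)
    return {"allowed": True, "username": username, "customer_code": customer,
            "new_user": is_new, "user_groups": user_groups, "permission_groups": perm_groups}

# Constructed sample claims of a successful login; not a real token.
SAMPLE_CLAIMS = {"sub": "1234", "email": "test.user@example.com", "ixm_customer": "CUST01"}

if __name__ == "__main__":
    policy = OidcLoginPolicy(customer_code_claim="ixm_customer")
    print(resolve_login(SAMPLE_CLAIMS, policy, existing_users=set()))
```

Run it with `allow_unknown_users=False` or without a customer code source to see the login being refused with the reason that applies.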