Configuration Guide
The SSO Workflow Bridge supports any OpenID Connect (OIDC) compliant Identity Provider, and you can configure multiple providers simultaneously. The configuration structure follows this general pattern:
```yaml
com:
  c4-soft:
    springaddons:
      oidc:
        ops:
          # First OIDC provider configuration
          - iss: <issuer-url-1>
            username-claim: <username-claim-field>
            vendor: <vendor-1>
            tenant-id: <tenant-id-1>
            client-id-claim: <client-id-claim-field>
            clients:
              - <client-id-1>
              - <client-id-2>
          # Second OIDC provider configuration
          - iss: <issuer-url-2>
            username-claim: <username-claim-field>
            vendor: <vendor-2>
            tenant-id: <tenant-id-2>
            client-id-claim: <client-id-claim-field>
            clients:
              - <client-id-3>
```
Configuration Fields Explained
- iss (Issuer URL): The URL of your Identity Provider that issues the JWT tokens. This is the base URL where your authentication server is hosted.
- username-claim (Username Claim Field): The JWT claim field that contains the username. Common values include:
  - preferred_username
  - email
  - sub
- vendor (Identity Provider Vendor): The name of your Identity Provider vendor. Any OIDC-compliant provider can be used.
- tenant-id (Tenant ID): The unique identifier for your organization's tenant in the Identity Provider system. This field may be required depending on your Identity Provider.
- client-id-claim (Client ID Claim Field): The JWT claim field that contains the client ID. This helps identify which application the token was issued for.
- clients (Authorized Clients): A list of client IDs that are authorized to access the SSO Workflow Bridge. Each client ID should match the client ID registered in your Identity Provider.
You can configure multiple OIDC providers by adding additional entries under the ops list. Each entry represents a separate Identity Provider configuration with its own issuer URL, clients, and settings. This allows you to support authentication from different providers simultaneously.
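How the fields above could combine into an access decision across several providers, as an added example (not the SSO Workflow Bridge's own code). It assumes the token signature has already been verified and that the issuer is matched by exact string comparison; the function names and all sample values are constructed for illustration.

```python
# Added illustration; not the SSO Workflow Bridge's own code.
# OPS mirrors the `ops` list from the configuration, with constructed values.
OPS = [
    {"iss": "https://idp-one.example/realms/demo", "username-claim": "preferred_username",
     "client-id-claim": "azp", "clients": ["workflow-ui", "workflow-cli"]},
    {"iss": "https://idp-two.example/oauth2/default", "username-claim": "sub",
     "client-id-claim": "cid", "clients": ["partner-portal"]},
]


class Rejected(Exception):
    """Raised when verified claims do not satisfy any configured provider."""


def authorize(claims, ops=OPS):
    """Return (username, client_id) for claims of an already signature-verified JWT."""
    # Assumed exact match: a trailing slash or different host is a different issuer.
    op = next((o for o in ops if o["iss"] == claims.get("iss")), None)
    if op is None:
        raise Rejected("unknown issuer")
    presented = claims.get(op["client-id-claim"])
    # A claim such as `aud` may hold a single string or a list of strings.
    candidates = presented if isinstance(presented, list) else [presented]
    # Allowlists are per provider: a client of one issuer is not accepted from another.
    client = next((c for c in candidates if isinstance(c, str) and c in op["clients"]), None)
    if client is None:
        raise Rejected("client not authorized for this issuer")
    username = claims.get(op["username-claim"])
    if not isinstance(username, str) or not username:
        raise Rejected("username claim missing")
    return username, client


def decision(claims):
    """Convenience wrapper returning the outcome as a string."""
    try:
        return "allow:%s:%s" % authorize(claims)
    except Rejected as exc:
        return "deny:" + str(exc)


if __name__ == "__main__":
    print(decision({"iss": "https://idp-one.example/realms/demo",
                    "azp": "workflow-ui", "preferred_username": "alice"}))
```

Mismatches between the configured `iss` and the token's issuer, or a client ID listed under the wrong provider entry, both show up here as denials, which is the usual symptom of a misconfigured entry.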
While we provide specific configuration guides for some popular providers, you can use any OIDC-compliant Identity Provider. Here are some example configurations:
- Keycloak Configuration
- Okta Configuration
- For other OIDC providers, follow their documentation for obtaining the necessary configuration values.