Configuration Guide

The User Tasks Proxy supports any OpenID Connect (OIDC) compliant Identity Provider, and you can configure multiple providers simultaneously. The configuration structure follows this general pattern:

ut-config/oidc-properties.yaml
com:
  c4-soft:
    springaddons:
      oidc:
        ops:
          # First OIDC provider configuration
          - iss: <issuer-url-1>
            username-claim: <username-claim-field>
            vendor: <vendor-1>
            tenant-id: <tenant-id-1>
            client-id-claim: <client-id-claim-field>
            clients:
              - <client-id-1>
              - <client-id-2>

          # Second OIDC provider configuration
          - iss: <issuer-url-2>
            username-claim: <username-claim-field>
            vendor: <vendor-2>
            tenant-id: <tenant-id-2>
            client-id-claim: <client-id-claim-field>
            clients:
              - <client-id-3>

Configuration Fields Explained

  • iss (Issuer URL): The URL of the Identity Provider that issues the JWTs. This is the base URL where your authentication server is hosted.

  • username-claim (Username Claim Field): The JWT claim field that contains the username. Common values include:

    • preferred_username
    • email
    • sub

  • vendor (Identity Provider Vendor): The name of your Identity Provider vendor. Any OIDC-compliant provider can be used.

  • tenant-id (Tenant ID): The unique identifier for your organization's tenant in the Identity Provider system. This field may be required depending on your Identity Provider.

  • client-id-claim (Client ID Claim Field): The JWT claim field that contains the client ID. This helps identify which application the token was issued for.

  • clients (Authorized Clients): A list of client IDs that are authorized to access the User Tasks Proxy. Each client ID should match the client ID registered in your Identity Provider.

Multiple OIDC Providers

You can configure multiple OIDC providers by adding additional entries under the ops list. Each entry represents a separate Identity Provider configuration with its own issuer URL, clients, and settings. This allows you to support authentication from different providers simultaneously.
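The sketch below is an added example, not code from the User Tasks Proxy. It shows how the iss, client-id-claim, clients and username-claim fields can be read together as a per-issuer allowlist check over already-verified JWT claims. The helper names, issuer URLs and client IDs are constructed for illustration, and the matching logic is an assumption about how such a configuration is typically enforced.

```python
# Added illustration: hypothetical helpers, not the User Tasks Proxy implementation.
# Assumes the JWT signature and expiry were already verified upstream.

# Constructed sample mirroring the `ops` list structure (all values are made up).
OPS = [
    {"iss": "https://idp-one.example/realms/demo", "username-claim": "preferred_username",
     "client-id-claim": "azp", "clients": ["tasklist-ui", "reporting-job"]},
    {"iss": "https://idp-two.example/tenant-a/v2.0", "username-claim": "email",
     "client-id-claim": "aud", "clients": ["mobile-app"]},
]


class Rejected(Exception):
    """Raised when claims do not satisfy any configured provider entry."""


def authorize(claims, ops=OPS):
    """Return (username, client_id) if the claims match a configured provider."""
    # Issuer comparison is an exact string match: a trailing slash or a
    # different scheme makes it a different issuer.
    entry = next((op for op in ops if op["iss"] == claims.get("iss")), None)
    if entry is None:
        raise Rejected("unknown issuer")

    # The client id claim may hold one string or (as with `aud`) a list.
    raw = claims.get(entry["client-id-claim"])
    candidates = [raw] if isinstance(raw, str) else (raw if isinstance(raw, list) else [])
    allowed = [c for c in candidates if c in entry["clients"]]
    if not allowed:
        raise Rejected("client not in allowlist for this issuer")

    username = claims.get(entry["username-claim"])
    if not isinstance(username, str) or not username:
        raise Rejected("username claim missing")
    return username, allowed[0]


def decision(claims):
    """Wrap authorize() so the outcome is easy to print or log."""
    try:
        return authorize(claims)
    except Rejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    one = "https://idp-one.example/realms/demo"
    print(decision({"iss": one, "azp": "tasklist-ui", "preferred_username": "alice"}))
    # A client allowed under the second provider is not allowed under the first.
    print(decision({"iss": one, "azp": "mobile-app", "preferred_username": "bob"}))
```

Because each allowlist is scoped to its own issuer, a client ID listed under one provider grants nothing when the same ID appears in a token from another provider.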

While we provide specific configuration guides for some popular providers, you can use any OIDC-compliant Identity Provider. Here are some example configurations: