This document explains the configuration for the Protocol Settings for your application.
Protocol Settings apply to OpenID Applications (Protocol Type OPENID_CONNECT_JWT).
For Applications that use Haventec IAM, these settings are automatically configured. You will most likely never need to update them.
For Applications where you are using your own IAM, you will need to copy some of these settings into your IAM. Consult your IAM documentation for which settings you require. Most of the settings apply to the Identity Provider configuration inside your IAM's OpenID config.
Where do I start?
- In the Haventec Console menu, click Applications.
- From the Application List, click the Settings tab for the relevant application.
- From the Main Settings menu options, select Protocol Settings.
- The Protocol Settings page is displayed.
The following provides details on the configuration for each of the fields:
- Type - this is either:
  - OPENID_CONNECT_JWT - using Haventec IAM, or your own IAM
  - HAVENTEC_JWT - using non-OpenID Haventec Native API. The subsequent fields will be blank
- IdP Issuer - Haventec Authenticate is the IdP. It issues the Haventec JWT to the IAM
- App Login Page - for OpenID Applications, this is the Login/Signup landing pages that will prompt your users to enter username/password. These are either:
  - Haventec Connect
  - Your own custom login pages that call Haventec endpoints
- Token Endpoint - this is the 'token' endpoint of the OpenID spec, a required field in your IdP config inside your IAM
- Client ID - this is the Client ID field in the OpenID spec
- Client Secret - this is the Client Secret field in the OpenID spec
- JWKS Endpoint - this is the 'jwks' endpoint of the OpenID spec, which some IAMs require
- Authorisation Endpoint - this is the 'authorisation' endpoint of the OpenID spec, a required field in your IdP config inside your IAM
- Valid OpenID redirect URI values - this is the whitelist of URLs that are allowed to redirect to the IAM. See https://haventec.zendesk.com/hc/en-us/articles/4868168909455
  - This is required to prevent MITM attacks on the IdP
See https://haventec.zendesk.com/hc/en-us/articles/5088686041487
- This is required to prevent MITM attacks on the IdP
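The following is an added example, not Haventec's code: a Python sketch that checks candidate entries for the Valid OpenID redirect URI values field and contrasts exact-match enforcement of a redirect whitelist with a loose prefix match. How Haventec itself compares entries is not stated on this page; exact matching, the function names and the example.com URIs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample whitelist; hostnames are placeholders, not Haventec values.
WHITELIST = [
    "https://iam.example.com/oidc/callback",
    "http://iam.example.com/oidc/callback",   # plain HTTP
    "https://*.example.com/callback",         # wildcard host
    "https://iam.example.com/cb#frag",        # carries a fragment
]


def lint_entry(uri):
    """Return the reasons an entry is risky; an empty list means it is fine."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if not parts.hostname:
        problems.append("no host")
    if "*" in uri:
        problems.append("wildcard")
    if parts.fragment:
        problems.append("fragment")
    if parts.username or parts.password:
        problems.append("userinfo")
    return problems


def prefix_match(redirect_uri, whitelist):
    """Loose check shown for contrast: accepts anything that extends an entry."""
    return any(redirect_uri.startswith(entry) for entry in whitelist)


def exact_match(redirect_uri, whitelist):
    """Strict check: byte-for-byte equality against entries that pass lint."""
    clean = [entry for entry in whitelist if not lint_entry(entry)]
    return redirect_uri in clean


if __name__ == "__main__":
    for entry in WHITELIST:
        print(entry, "->", lint_entry(entry) or "ok")
    probe = "https://iam.example.com/oidc/callback/../other"  # constructed
    print("prefix:", prefix_match(probe, WHITELIST))
    print("exact: ", exact_match(probe, WHITELIST))
```

Running the lint over entries before saving them keeps the whitelist limited to full HTTPS URIs that can be compared exactly.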