OpenID OpenFlow

Hello,

Our org has moved away from ADFS to OpenID and I'm looking for details on configuring OpenID, specifically what values go in these different fields.

They are metadata URL, introspection, inspection client ID, introspection secret, consumer key and consumer secret. I would really appreciate it if anyone can point to documentation, videos or a how-to.

Thanks for your help.

Please don’t ask the same question in multiple places.

You need to get the .well-known/openid-configuration URL for your OpenID Connect server, and then you insert that into metadataurl.

If it’s a “real” OpenID Connect server, you will only need the client ID; if it’s OAuth disguised as OpenID, you also need to add a secret.

Introspection you can ignore. That is used when you want OpenFlow to accept tokens issued directly to clients by a different IdP.

Thank you Allan for getting back.

I added these configurations; however, I'm getting this error. Kindly find screenshots attached.

Your help is greatly appreciated.

You cannot leave out the key.

Thanks again for getting back. Is the secret ID or the client ID the key? I used both of them and still got the “cannot get” error.

  • Open https://portal.azure.com/
  • Go to Microsoft Entra ID (that name is so stupid, what was wrong with Azure Active Directory?? … oh well)
  • Expand Manage and click “App registration” … this is where you should have created a “provider” that you can use for signing into OpenFlow
  • Copy the Application (client) ID from the app you created
  • Click the application to open it.
  • If you don’t know what endpoint to use, click the button shown in the screenshot:
    [screenshot]
    This will look different depending on what you allowed (only your tenant, all tenants, or all tenants AND all Microsoft accounts)
  • Click Certificates & secrets (looks like you did that in the last screenshot)
  • Under Client secrets click “New client secret” and, once done, copy the Value field. If you forgot to do this, you cannot get it again and will need to create a new one

In OpenFlow, under Providers, add/edit a provider:

  • metadataurl: insert the endpoint you copied from the Azure portal
  • consumerkey: insert the Application (client) ID
  • consumersecret: insert the Value from the secret you created
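Before pasting a metadata URL into OpenFlow it is worth confirming that the URL actually returns a usable OpenID Connect discovery document, and that it is the tenant-specific one rather than a multi-tenant template. The script below is an added example and is not OpenFlow's or Microsoft's code; it covers both the ".well-known/openid-configuration" advice earlier in the thread and the Entra ID steps above. The tenant ID and the SAMPLE_DISCOVERY dict are constructed placeholders shaped like a real Entra v2.0 document so the checks run offline; fetch_discovery() is the only function that goes to the network.

```python
"""Sanity-check an OIDC discovery document before filling in OpenFlow's
metadataurl / consumerkey / consumersecret fields.

Added example, not OpenFlow's own code. fetch_discovery() does a live GET;
the check functions work on a plain dict, so the constructed SAMPLE_DISCOVERY
below lets everything run offline.
"""
import json
from typing import List, Optional
from urllib.parse import urlparse
from urllib.request import urlopen

# Fields every usable discovery document carries (OpenID Connect Discovery 1.0).
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

TENANT = "11111111-2222-3333-4444-555555555555"  # constructed placeholder tenant ID

# Constructed sample in the shape of an Entra ID v2.0 discovery document.
SAMPLE_DISCOVERY = {
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
}


def discovery_url(issuer: str) -> str:
    """Turn an issuer URL into the .well-known URL that goes into metadataurl."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def entra_issuer(tenant: str) -> str:
    """Entra ID v2.0 issuer for a tenant ID, or 'organizations' / 'common' for the
    multi-tenant variants shown on the portal's Endpoints page."""
    return f"https://login.microsoftonline.com/{tenant}/v2.0"


def fetch_discovery(url: str, timeout: float = 10) -> dict:
    """Live fetch of the discovery document (network required)."""
    with urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def check_discovery(doc: dict, expected_issuer: Optional[str] = None,
                    uses_secret: bool = True) -> List[str]:
    """Return a list of problems; an empty list means the document looks usable."""
    problems: List[str] = []
    for field in REQUIRED_FIELDS:
        if field not in doc:
            problems.append(f"missing required field: {field}")
            continue
        value = doc[field]
        if not isinstance(value, str) or urlparse(value).scheme != "https":
            problems.append(f"{field} is not an https URL: {value!r}")
    issuer = doc.get("issuer", "")
    if expected_issuer and issuer != expected_issuer:
        problems.append(f"issuer mismatch: got {issuer!r}, expected {expected_issuer!r}")
    if "{tenantid}" in issuer:
        # The common/organizations endpoints publish a templated issuer; a relying
        # party doing strict issuer validation rejects it unless told otherwise.
        problems.append("issuer is a multi-tenant template, not a concrete issuer")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    if uses_secret:
        methods = set(doc.get("token_endpoint_auth_methods_supported", []))
        if not methods & {"client_secret_post", "client_secret_basic"}:
            problems.append("no client_secret auth method advertised; consumersecret is useless here")
    return problems


if __name__ == "__main__":
    url = discovery_url(entra_issuer(TENANT))
    print("metadataurl:", url)
    for p in check_discovery(SAMPLE_DISCOVERY, entra_issuer(TENANT)) or ["looks usable"]:
        print(" -", p)
    # For a live check against your own tenant, replace TENANT and run:
    # check_discovery(fetch_discovery(url), entra_issuer(TENANT))
```

A non-empty result from check_discovery() is worth resolving before touching the OpenFlow provider form; an issuer mismatch or a templated issuer usually means the wrong endpoint (common vs. tenant) was copied from the portal.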

Thanks a million for getting back Allan

I followed your steps word for word like a bible and still got the “cannot get” error.

Delete the provider in OpenFlow.
Add it again, and this time use a simpler ID, like office365 … all lowercase and no special characters.

Sorry to be a bug; I gave the ID as office365 and got the same error.
[screenshot: openflow error3]

Why does it say you have a certificate error?
You cannot use Let's Encrypt with localhost.openiap.io, since that is a domain I own.
If you want to use SSL you need to have a public IP for the server and a valid domain name pointing to that IP.
Please use the normal docker-compose when testing with localhost.

The SSL part is not the problem (but it will be once you hit Office 365; then it will only work if you have a valid certificate or are using localhost without SSL),
but I’m wondering how you even ended up using SSL … did you change something? Is this my standard letsencrypt docker-compose, or have you changed anything in this setup? A different reverse proxy, updated your hosts file, etc.?

Good Morning Allan,

I used the letsencrypt YAML and did not change any config. It is just that in my local hosts file I had given the entry as

xx.xx.xx.xx localhost.openiap.io, which I have changed now.

I have requested a public IP and domain name. I will keep you posted about my progress shortly.

Again, thank you for your help.

You got it backwards …

  1. You should never need to change your local hosts file to make something work in Docker. So why did you need to add localhost.openiap.io?
  2. In your screenshots you were accessing the setup using https … Why?
    Either you use normal-up, and then you should not be using SSL (and by default you then access it using http://localhost.openiap.io),
    or you used letsencrypt-up, and then you MUST follow the guide on how to set up DNS. This will never work with localhost.openiap.io.
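The two mistakes called out above (a hand-edited hosts entry for localhost.openiap.io, and reaching a normal-up install over https or a letsencrypt-up install through a name Let's Encrypt can never validate) are easy to catch mechanically. The script below is an added diagnostic, not part of OpenFlow or its compose files. It assumes, as the reply implies, that localhost.openiap.io already resolves to a loopback address without any hosts-file entry, and the SAMPLE_HOSTS text is constructed to mirror the thread, with the name pointed at a LAN address.

```python
"""Flag the hosts-file override and the http/https mix-up from the thread.

Added example, not OpenFlow's code. Assumes localhost.openiap.io resolves to
loopback on its own, so any hosts entry for it is at best redundant. The
hosts content below is constructed.
"""
import ipaddress
from typing import List, Tuple
from urllib.parse import urlparse

OPENFLOW_HOST = "localhost.openiap.io"

# Constructed hosts file mirroring the thread: the name was pointed at a LAN IP.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# added by hand while testing
10.20.30.40 localhost.openiap.io
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return [(address, [names...])] for every non-blank, non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            entries.append((fields[0], fields[1:]))
    return entries


def check_hosts(text: str, hostname: str = OPENFLOW_HOST) -> List[str]:
    """Report any manual mapping of hostname; a non-loopback one overrides DNS."""
    findings = []
    for address, names in parse_hosts(text):
        if hostname not in names:
            continue
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            findings.append(f"{hostname} mapped to unparseable address {address!r}")
            continue
        if addr.is_loopback:
            findings.append(f"{hostname} -> {address}: redundant, it already resolves to loopback")
        else:
            findings.append(f"{hostname} -> {address}: overrides DNS; remove this line")
    return findings


def check_url(url: str, compose: str) -> List[str]:
    """compose is 'normal' (normal-up, plain http) or 'letsencrypt' (letsencrypt-up)."""
    parts = urlparse(url)
    findings = []
    if compose == "normal":
        if parts.scheme != "http":
            findings.append("normal-up serves plain http; use http://, not https://")
    elif compose == "letsencrypt":
        if parts.scheme != "https":
            findings.append("letsencrypt-up is meant to be reached over https")
        if parts.hostname in (OPENFLOW_HOST, "localhost", "127.0.0.1"):
            findings.append("Let's Encrypt needs a public DNS name pointing at a public IP; "
                            f"{parts.hostname} will never validate")
    else:
        raise ValueError(f"unknown compose flavour {compose!r}")
    return findings


if __name__ == "__main__":
    for f in check_hosts(SAMPLE_HOSTS):
        print("hosts:", f)
    for f in check_url("https://localhost.openiap.io", "normal"):
        print("url:", f)
```

Run check_hosts() against the real file (/etc/hosts on Linux) and check_url() against whatever you type into the browser; both should come back empty before you start chasing certificate errors in OpenFlow.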

Thanks Allan.

I deleted the installation of normal and created a DNS entry called

I have not started any new installation, but wanted to run it by you before I start any installation.

To give you a little more information, the machine that we are trying to install on is an Ubuntu box sitting in a corporate network, whitelisted to Docker Hub and MS websites. We would like this to run OpenFlow with https and set up SSO via OpenID.

thanks for your help.

That will not work if you are going to be using agents, since they need access to package repositories.

The only way to get SSL on a website that does not have a public IP is to use a self-signed/self-bought certificate or DNS-01 challenges. There is an example in the Docker repository, but I will not support that over the forum.
