Configure OpenID Connect for an Access Application
Learn to configure the OpenID Connect parameters for an access application.
- Log in to the EAA Management Portal.
- From the top menu bar, click .
- In the Application-facing Authentication Mechanism field, select OpenID Connect 1.0.
- Click Save and go to OIDC Settings.
Copy the Discovery URL.
The discovery URL is automatically generated. If your client application does not automatically fetch metadata, you can copy or download this file from EAA: view the data in the portal, or click Download to download the metadata file.
Note: In the application, you must provide this URL as the provider URL or upload the metadata file. If the application does not allow you to provide the URL or upload the metadata file, you may need to configure the application with the individual elements that are defined in the file.
In the Relying Party section:
- Copy the Client ID.
- Copy the Client Secret to a secure location.
- If you need to rotate the secret, click Rotate client secret. Copy the secret to a secure location and update the application with the new secret.
- Enter this information into the application (relying party).
- In the Redirect URI field, enter the redirect or callback URL from your application. This field is required. Click Add More to enter more URIs.
- If you are using an implicit authentication flow for OpenID Connect, select Implicit Grant.
- If you want to disable the logout that is initiated by the identity provider, disable the Front channel logout session required option.
- If the front channel logout session setting is enabled, in the Front channel logout-URI(s) field, enter a URI or URL to support this feature. Click Add More to enter more URIs. The scheme, protocol, and port of the front channel URI must match one of the configured redirect URIs.
- To configure post logout redirect URI(s), enter the URI where the OpenID provider sends logout responses to logout requests.
- To enable proof key for code exchange (PKCE), select PKCE.
- Ensure Include claims in id_token is enabled.
- To view or download the metadata for the client, click View or Download.
To add a claim:
- Click Add More.
- Select a scope. If you select Custom Scope, a field appears where you can enter a value.
- Select a Claim Name based on the scope you selected or specified. If you select Custom, a field appears where you can enter a name.
- Select a Value. If you select Custom Script or Fixed Value, you must enter data in the provided field.
- To add more scopes, repeat steps 7a to 7d.
- Click Save and return to Deployment.
- Deploy the application.
Ensure that you have configured the application (relying party) with the discovery URL or the JSON metadata file information, the client ID, and the secret.
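The settings above are what the application (relying party) consumes. The Python below is an added example, not EAA code or an EAA API, showing the relying-party side of this configuration: generating a PKCE verifier/challenge pair, matching the redirect URI exactly against the registered Redirect URIs, checking a front channel logout URI against those URIs (the page's scheme/protocol/port rule is read here as scheme, host and port equality), building an authorization-code request with the discovery document's endpoint, and checking the issuer, audience, expiry and nonce claims carried in the id_token. The discovery document contents, client ID, redirect URIs and id_token claims are all constructed placeholders; in a deployment they come from the Discovery URL and the Relying Party section.

```python
"""Relying-party side handling of the OIDC settings described above.

Added example, not EAA code. The discovery document, client ID,
redirect URIs and id_token claims are constructed placeholders.
"""
import base64
import hashlib
import secrets
import time
from urllib.parse import urlencode, urlsplit

# Constructed stand-in for the document served at the Discovery URL.
DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oidc/authorize",
    "token_endpoint": "https://idp.example.com/oidc/token",
    "end_session_endpoint": "https://idp.example.com/oidc/logout",
    "jwks_uri": "https://idp.example.com/oidc/jwks",
}
CLIENT_ID = "example-client-id"  # constructed; the real value is the Client ID from the portal
# Constructed stand-ins for the Redirect URI(s) entered in the portal.
REGISTERED_REDIRECT_URIS = [
    "https://app.example.com/callback",
    "https://app.example.com:8443/callback",
]
_DEFAULT_PORTS = {"https": 443, "http": 80}


def make_pkce_pair():
    """Return (code_verifier, code_challenge) for PKCE with the S256 method."""
    verifier = secrets.token_urlsafe(64)  # 86 URL-safe chars, inside the 43..128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def redirect_uri_is_registered(uri, registered=REGISTERED_REDIRECT_URIS):
    """Redirect URIs are compared as exact strings; a prefix or wildcard match
    would let an unregistered path or query string receive the authorization code."""
    return uri in registered


def _origin(uri):
    parts = urlsplit(uri)
    return parts.scheme, parts.hostname, parts.port or _DEFAULT_PORTS.get(parts.scheme)


def front_channel_uri_allowed(uri, registered=REGISTERED_REDIRECT_URIS):
    """Accept a front channel logout URI only if its scheme, host and port match
    one of the registered redirect URIs (the page's rule, read here as origin equality)."""
    return any(_origin(uri) == _origin(r) for r in registered)


def build_authorization_url(redirect_uri, scopes, state, nonce, code_challenge, discovery=DISCOVERY):
    """Authorization-code request with PKCE; refuses a redirect URI that was not registered."""
    if not redirect_uri_is_registered(redirect_uri):
        raise ValueError("redirect_uri is not one of the registered Redirect URIs")
    params = {
        "response_type": "code",  # code flow; Implicit Grant stays disabled
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return discovery["authorization_endpoint"] + "?" + urlencode(params)


def validate_id_token_claims(claims, expected_nonce, now=None, discovery=DISCOVERY):
    """Return the names of failing claims in an id_token payload whose signature has
    already been verified against jwks_uri (signature checking is a separate step)."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != discovery["issuer"]:
        problems.append("iss")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if CLIENT_ID not in aud:
        problems.append("aud")
    if len(aud) > 1 and claims.get("azp") != CLIENT_ID:
        problems.append("azp")  # with several audiences, azp must name this client
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce")  # binds the token to the request that carried the nonce
    return problems


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_authorization_url("https://app.example.com/callback",
                                  ["openid", "profile"], state, nonce, challenge))
    # Constructed id_token payload, as it would look after signature verification.
    sample = {"iss": DISCOVERY["issuer"], "aud": CLIENT_ID, "sub": "user-1",
              "exp": int(time.time()) + 300, "nonce": nonce}
    print("claim problems:", validate_id_token_claims(sample, nonce))
```

The code verifier must be kept on the relying-party side until the token request, and the state and nonce must be bound to the browser session that started the flow; the exact-match redirect URI check mirrors what the provider does when it compares the request against the Redirect URI(s) configured in the portal.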