As an alternative to OKTA, Microsoft Azure can be used as the OpenID Connect provider for Smart Materials Web.
Prerequisites
Are the certificates imported? Several are needed, one for each of the following hosts:
- login.microsoftonline.com
- https://graph.microsoft.com/oidc/userinfo
Download the root certificate of each of the above hosts as described under:
Download HTTPS-Certificate from OKTA Server
Hint for known errors
If the certificates are not imported, the OpenID login fails and no log file is written.
Configuration
1. Create an App registration at: https://portal.azure.com/#home
2. Click New registration to create a new registration.
3. On the Register an application page, type the Name, select the Supported account type that fits your company's needs, and click Register.
4. Note down your Application (client) ID; it is needed in the Smart Materials Web OpenID configuration.
5. In the left sidebar under Manage, click Authentication, click Add a platform and choose Web.
6. Fill in the Redirect URIs field with your Tomcat server callback URL:
   https://your.tomcatserver.com:8443/ords/apex_authentication.callback
7. Select ID tokens and click Configure.
8. In the left sidebar under Manage, click Certificates & secrets to add a new client secret for the OpenID configuration.
9. Type a Description and select an Expires period that fits your company's needs.
10. Copy the secret value to your clipboard. This is the secret you need to enter on the OpenID configuration page in Smart Materials Web. The value is shown only once; if you do not copy it now, you have to create a new secret.
11. In the left sidebar under Manage, click API permissions.
12. Click Add a permission and select Microsoft Graph.
13. Select Delegated permissions and, under OpenId permissions, pick email, openid and profile.
14. In the left sidebar under Manage, click App roles.
15. Click Create app role, type the Display name, select Users/Groups from the Allowed member types, and type a Value and a Description.
16. Click Overview, then Endpoints, and copy the OpenID Connect metadata document URL.
17. In Smart Materials Web, open the Administration > Open ID Administration page and enter the Client ID (from step 4), the Client Secret (from step 10) and the Url (from step 16).
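Before entering the values in Smart Materials Web, it helps to sanity-check what was collected above: which hosts the Tomcat/ORDS server must trust a root certificate for (derived from the metadata document URL), whether the metadata offers the scopes picked under API permissions, and whether the registered Redirect URI matches the APEX callback. The script below is an added example, not part of the product documentation; the metadata document is a constructed sample with a placeholder tenant id, not a real tenant.

```python
"""Sanity checks for an Azure OpenID Connect setup (added example, not product code)."""
import json
from urllib.parse import urlparse

# Constructed sample of the "OpenID Connect metadata document" Azure serves.
# <TENANT-ID> is a placeholder; a real document carries the tenant's GUID.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://login.microsoftonline.com/<TENANT-ID>/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token",
    "jwks_uri": "https://login.microsoftonline.com/<TENANT-ID>/discovery/v2.0/keys",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})

CALLBACK_PATH = "/ords/apex_authentication.callback"   # ORDS/APEX callback used as Redirect URI
REQUIRED_SCOPES = {"openid", "profile", "email"}        # delegated permissions picked in Azure

def hosts_to_trust(metadata_json):
    """Every host the server talks to during login; each needs its root certificate imported
    (this is why the prerequisite says "multiple needed")."""
    doc = json.loads(metadata_json)
    hosts = set()
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri", "userinfo_endpoint"):
        if doc.get(key):
            hosts.add(urlparse(doc[key]).hostname)
    return hosts

def metadata_problems(metadata_json):
    """Gaps in the metadata document that would make the login fail silently."""
    doc = json.loads(metadata_json)
    problems = []
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not offered: " + ", ".join(sorted(missing)))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not doc.get(key, "").startswith("https://"):
            problems.append(key + " missing or not https")
    return problems

def redirect_uri_problems(uri):
    """Check the Redirect URI registered in Azure against what ORDS/APEX expects."""
    p = urlparse(uri)
    problems = []
    if p.scheme != "https":
        problems.append("redirect URI must use https")
    if p.path != CALLBACK_PATH:
        problems.append("path must be " + CALLBACK_PATH)
    if p.query or p.fragment:
        problems.append("redirect URI must not carry a query string or fragment")
    return problems
```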