
WORK IN PROGRESS

*** TO BE REMOVED ONCE PUBLISHED ***

This will replace the older KNB article "Configure Telia FTN authentication using OIDC".

Main changes:

  • Method is OpenID Connect, and currently Telia uses JWKS instead of client_secret
  • Show new UI on SSO to configure OpenID Connect method

*** TO BE REMOVED ONCE PUBLISHED ***

Useful documentation:

Configure OpenID Connect authentication method in SSO Management UI

OpenID Connect authentication method - SSO

older documentation: https://intra.ubisecure.com/confluence/display/~arto.vainiolehto/OpenID+Connect+method+registration+from+Management+UI    ← It shows the IDP side (OAuth2 application)

ticket: https://intra.ubisecure.com/jira/browse/IDS-105

When you need to integrate your application with the Finnish Trust Network using Telia Tunnistus (Telia Identification Broker Service), Telia Tunnistus is, from your identity platform's perspective, an OpenID Connect method. Follow the step-by-step guide below.

Step by Step


Create OpenID Connect Method

Create an OpenID Connect method. From version 8.8.0, you can do this through the SSO Management UI. For older versions, you must use the SSO API to create the method.

...

Now, press "Update" at the bottom.


Registration

...

On the method, go to the OpenID Connect tab.

...

Save the file to your workstation.


Send the Registration Request (the JSON file you just saved, e.g. oidc.ftn.1.json) to Telia TIBS Tunnistus' operations team.

(Telia will create an OAuth2 application on their SSO Management, which will correspond to your OpenID Connect method, and upload the JSON file you sent them: UPLOAD and then ACTIVATE.

As a result, they will generate a Registration Response in JSON format and send it to you.)
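A pre-send check for the Registration Request, given here as an added example and not part of the original article or of Ubisecure's tooling. It assumes the file uses the standard OAuth 2.0 client metadata names from RFC 7591 (`jwks`, `jwks_uri`, `client_secret`, `token_endpoint_auth_method`); the function name and the sample documents are constructed for illustration.

```python
import json

# JWK members that carry private or symmetric key material (RFC 7518, section 6).
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

def check_registration_request(text):
    """Return a list of findings; an empty list means nothing blocks sending the file."""
    try:
        meta = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(meta, dict):
        return ["top-level value is not a JSON object"]
    findings = []
    # The file leaves your organisation, so it must not carry a shared secret.
    if "client_secret" in meta:
        findings.append("client_secret present in a file meant for a third party")
    method = meta.get("token_endpoint_auth_method")
    if isinstance(method, str) and method.startswith("client_secret"):
        findings.append(f"token_endpoint_auth_method is {method}, not key based")
    jwks = meta.get("jwks")
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    if not isinstance(keys, list) or not keys:
        keys = []
        if "jwks_uri" not in meta:
            findings.append("no public keys: neither jwks.keys nor jwks_uri is set")
    for i, key in enumerate(keys):
        if not isinstance(key, dict) or "kty" not in key:
            findings.append(f"jwks.keys[{i}] is not a JWK object with a kty member")
            continue
        # Only the public half of each key pair belongs in the request.
        leaked = sorted(PRIVATE_JWK_MEMBERS.intersection(key))
        if leaked:
            findings.append(f"jwks.keys[{i}] contains private members {leaked}")
    return findings

# Constructed sample documents (not real keys, not real Telia or Ubisecure data).
GOOD_REQUEST = json.dumps({
    "redirect_uris": ["https://sso.example.com/uas/return/oidc.ftn.1/redirect"],
    "token_endpoint_auth_method": "private_key_jwt",
    "jwks": {"keys": [{"kty": "RSA", "kid": "constructed-1", "use": "sig",
                       "n": "constructed-modulus", "e": "AQAB"}]},
})
BAD_REQUEST = json.dumps({
    "client_secret": "constructed-secret",
    "token_endpoint_auth_method": "client_secret_basic",
    "jwks": {"keys": [{"kty": "RSA", "n": "constructed-modulus", "e": "AQAB",
                       "d": "constructed-private-exponent", "p": "constructed"}]},
})

if __name__ == "__main__":
    for name, doc in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(name, check_registration_request(doc))
```
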


Once you receive a response from the Telia Tunnistus team, come back to the OpenID Connect tab and upload the JSON file to the "registration response" field.

...

Go to the "Main" tab and check Enabled.

Press Update

*** END ***

In case the IDP doesn’t generate the registration response:

https://ubisecuredev.atlassian.net/wiki/display/IDS20213/OpenID+Connect+authentication+method+-+SSO

An example client metadata with Ubisecure extensions  ← must be edited manually and uploaded in

Now the integration is ready.




Info

In some rare cases you will need to edit the registration response.

If you need to do that, copy the contents from "An example client metadata with Ubisecure extensions" on the OpenID Connect authentication method - SSO page and paste it into a text editor.

Edit it according to your needs and save it as JSON.

Once edited manually, you must upload the file to the "Client Metadata" field.