
WORK IN PROGRESS

*** TO BE REMOVED ONCE PUBLISHED ***

This will replace the older KNB article Configure Telia FTN authentication using OIDC.

Main changes:

  • The method is OpenID Connect, and currently Telia uses a JWKS instead of a client_secret
  • Shows the new SSO UI for configuring the OpenID Connect method

*** TO BE REMOVED ONCE PUBLISHED ***




Useful documentation:

Configure OpenID Connect authentication method in SSO Management UI

OpenID Connect authentication method - SSO

Older documentation (it shows the IDP side, i.e. the OAuth2 application): https://intra.ubisecure.com/confluence/display/~arto.vainiolehto/OpenID+Connect+method+registration+from+Management+UI

Ticket: https://intra.ubisecure.com/jira/browse/IDS-105

Step by Step


Create an OpenID Connect method. From SSO version 8.8.0 onwards you can do this in the SSO Management UI; on older versions you must use the SSO API to create the method.

In the SSO Management UI, go to the Global Method Settings tab and click New Method.

Name it oidc.ftn.1 or something similar. Select "OpenID Connect" as Method Type.

Press the OK button (at the bottom) and the method will be created.

Once the method is created, go to the OpenID Connect tab.

Under "Authentication Provider" you will see "Provider Metadata:" and an "Upload" button, which lets you upload the Telia Tunnistus metadata. Click the button and upload the JSON file downloaded from https://tunnistus.telia.fi/uas/oauth2/metadata.json (Note: use https://tunnistus-pp.telia.fi/uas/oauth2/metadata.json for Telia Tunnistus' pre-production environment).

Press OK and you will see that the "Authentication Provider" metadata is now filled in.

Just below you will see "Provider JWKS:" and another "Upload" button, which lets you upload the Telia Tunnistus JWKS. Make sure you save the file with a .json extension, not .jwks. Click the button and upload the JSON file downloaded from https://tunnistus.telia.fi/uas/oauth2/metadata.jwks (Note: use https://tunnistus-pp.telia.fi/uas/oauth2/metadata.jwks for Telia Tunnistus' pre-production environment).

Press OK and you will see that the JWKS field is now filled in.

Now press "Update" at the bottom.
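Before uploading the two files it is worth checking that they are what the upload step expects. The script below is an added example, not part of this page or of Ubisecure SSO: it parses a provider metadata document (OpenID Connect Discovery format) and a JWK Set (RFC 7517), checks that the JWKS really is the one the metadata's jwks_uri points to, rejects any key that carries private material, and derives the .json filename the upload needs. The sample documents are constructed placeholders, not Telia's real metadata; in practice you would read the files you downloaded from the URLs above.

```python
import json
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Mandatory OpenID Provider metadata fields (OpenID Connect Discovery 1.0, section 3).
REQUIRED_METADATA = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample documents standing in for the metadata.json / metadata.jwks downloads.
# The issuer, endpoints and key values are placeholders, not Telia's real values.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://idp.example.test/uas",
    "authorization_endpoint": "https://idp.example.test/uas/oauth2/authorization",
    "token_endpoint": "https://idp.example.test/uas/oauth2/token",
    "jwks_uri": "https://idp.example.test/uas/oauth2/metadata.jwks",
    "id_token_signing_alg_values_supported": ["RS256"],
})
SAMPLE_JWKS = json.dumps({
    "keys": [
        {"kty": "RSA", "kid": "sig-2024-1", "use": "sig", "alg": "RS256",
         "n": "sample-modulus", "e": "AQAB"},
    ]
})


def validate_provider_metadata(text: str) -> dict:
    """Parse provider metadata and require the discovery fields the method needs."""
    meta = json.loads(text)
    missing = [k for k in REQUIRED_METADATA if k not in meta]
    if missing:
        raise ValueError(f"provider metadata is missing {missing}")
    for field in REQUIRED_METADATA:
        # Every endpoint the SSO will talk to must be reached over TLS.
        if not str(meta[field]).startswith("https://"):
            raise ValueError(f"{field} must be an https URL, got {meta[field]!r}")
    return meta


def validate_jwks(text: str) -> dict:
    """Parse a JWK Set (RFC 7517) and require public keys that carry a 'kid'."""
    jwks = json.loads(text)
    keys = jwks.get("keys")
    if not isinstance(keys, list) or not keys:
        raise ValueError("JWKS must contain a non-empty 'keys' array")
    for key in keys:
        for field in ("kty", "kid"):
            if field not in key:
                raise ValueError(f"JWK is missing '{field}': {key}")
        # A provider's JWKS carries public material only; 'd' is the RSA/EC private component.
        if "d" in key:
            raise ValueError(f"JWK {key['kid']} contains private key material")
    return jwks


def check_provider_files(metadata_text: str, jwks_text: str, jwks_download_url: str) -> dict:
    """Cross-check the two downloads: the JWKS must come from the metadata's jwks_uri."""
    meta = validate_provider_metadata(metadata_text)
    jwks = validate_jwks(jwks_text)
    if meta["jwks_uri"] != jwks_download_url:
        raise ValueError(
            f"JWKS was fetched from {jwks_download_url} but metadata says {meta['jwks_uri']}")
    return {"issuer": meta["issuer"], "kids": [k["kid"] for k in jwks["keys"]]}


def upload_filename(download_url: str) -> str:
    """Filename to save the JWKS under: the upload expects a .json extension, not .jwks."""
    name = PurePosixPath(urlsplit(download_url).path).name
    return str(PurePosixPath(name).with_suffix(".json"))


if __name__ == "__main__":
    url = "https://idp.example.test/uas/oauth2/metadata.jwks"
    print(check_provider_files(SAMPLE_METADATA, SAMPLE_JWKS, url), "->", upload_filename(url))
```

The jwks_uri comparison is the check that matters most: the keys you upload are what the method will use to verify Telia's ID token signatures, so they must be the set the provider itself advertises, not a file from some other source.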


Registration:

On the method, go to the OpenID Connect tab.

Press Create to create the Registration Request. This generates a JSON file.

Save the file to your workstation.

Send the Registration Request (the JSON file you just saved, e.g. oidc.ftn.1.json) to the Telia TIBS operations team.

(Telia will create an OAuth2 application in their SSO Management corresponding to your OpenID Connect method, then upload the JSON file you sent them and activate it: UPLOAD and then ACTIVATE. As a result they will generate a Registration Response in JSON format and send it to you.)

Once you receive it from the Telia team, come back to the OpenID Connect tab and upload the JSON file to the "Registration Response" field.

Press OK and you will see that the Client Identifier and Client Metadata fields are filled in.

Press Update.

Go to the "Main" tab and check Enabled.

Press Update.
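Once the Registration Response arrives, the following added example (not part of this page or of Ubisecure SSO) compares it with the Registration Request you sent before you upload it. It assumes both files use the RFC 7591 client registration field names (client_id, redirect_uris, token_endpoint_auth_method, jwks); the sample request and response are constructed placeholders, and the private_key_jwt method in them is an assumption drawn from the note that Telia uses a JWKS rather than a client_secret.

```python
import json

# Constructed sample files: the request SSO generated (e.g. oidc.ftn.1.json) and the
# response the provider returned. Field names follow RFC 7591; all values are placeholders.
SAMPLE_REQUEST = json.dumps({
    "client_name": "oidc.ftn.1",
    "redirect_uris": ["https://sso.example.test/uas/oauth2/response"],
    "token_endpoint_auth_method": "private_key_jwt",  # assumption: JWKS-based client auth
    "jwks": {"keys": [{"kty": "RSA", "kid": "client-sig-1",
                       "n": "sample-modulus", "e": "AQAB"}]},
})
SAMPLE_RESPONSE = json.dumps({
    "client_id": "a1b2c3d4-example",
    "client_name": "oidc.ftn.1",
    "redirect_uris": ["https://sso.example.test/uas/oauth2/response"],
    "token_endpoint_auth_method": "private_key_jwt",
})


def _load(text: str, label: str) -> dict:
    """Parse one of the two files, naming it in the error so a bad upload is easy to spot."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"{label} is not valid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise ValueError(f"{label} must be a JSON object")
    return doc


def check_registration(request_text: str, response_text: str) -> dict:
    """Compare the registration response against the request it answers.

    Hard failures (ValueError): no client_id, redirect_uris that do not match the request,
    or a non-https redirect URI. Softer deviations are returned as warnings.
    """
    req = _load(request_text, "registration request")
    resp = _load(response_text, "registration response")

    client_id = resp.get("client_id")
    if not isinstance(client_id, str) or not client_id:
        raise ValueError("registration response has no client_id")

    # The provider must have registered exactly the redirect URIs we asked for:
    # an extra or altered URI would let authorization codes be sent elsewhere.
    req_uris = set(req.get("redirect_uris", []))
    resp_uris = set(resp.get("redirect_uris", []))
    if req_uris != resp_uris:
        raise ValueError(
            f"redirect_uris differ: request {sorted(req_uris)} vs response {sorted(resp_uris)}")
    for uri in resp_uris:
        if not uri.startswith("https://"):
            raise ValueError(f"redirect_uri is not https: {uri}")

    warnings = []
    req_auth = req.get("token_endpoint_auth_method")
    resp_auth = resp.get("token_endpoint_auth_method")
    if req_auth and resp_auth and req_auth != resp_auth:
        warnings.append(f"auth method changed by provider: {req_auth} -> {resp_auth}")
    if ("jwks" in req or "jwks_uri" in req) and "client_secret" in resp:
        warnings.append("response carries a client_secret although the client registered a JWKS")

    return {"client_id": client_id, "redirect_uris": sorted(resp_uris), "warnings": warnings}


if __name__ == "__main__":
    print(check_registration(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

If the script reports a mismatch, resolve it with Telia before uploading the response; once uploaded, the response's values become the method's Client Identifier and Client Metadata.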


*** END ***


In case the IDP doesn't generate the registration response, see:

https://ubisecuredev.atlassian.net/wiki/display/IDS20213/OpenID+Connect+authentication+method+-+SSO

Use the example client metadata with Ubisecure extensions from that page; it must be edited manually and uploaded in the "Client Metadata" field.
