Creating a Federation Partner with XCreds from Twocanoes Software
Creating a federation partner for use with XCreds isn’t particularly different than for other uses.
Configuration Steps
- Go to Configuration module > Security > Identity Providers > Federation Partners.
- Click Add Federation Partner and select OpenID Connect. You will be taken to a page to create the OIDC Partner.
- Under the General section, provide a name for the OIDC Partner and add the following Callback URLs: https://127.0.0.1/xcreds
- Under the Claim Attributes section, add the following Claim Attributes:
  | Name | Claim | Claim Type | Attribute Value Type | LDAP Attribute | REGEX Filter | Single Valued | Binary |
  |---|---|---|---|---|---|---|---|
  | Profile | profile | string | ldap | employeeType | | false | false |
  | SN | sn | string | ldap | sn | | true | false |
  | Email | email | string | ldap | mail | | true | false |
  | First Name | first_name | string | ldap | givenName | | true | false |
  | ID | id | string | ldap | idautoID | | true | false |
- Click Save.
- It may be necessary to navigate to the IDP Configuration and trigger a service reload and web reload.
- Additional setup will be required within XCreds, and you will need to make note of the following values:
  a. The Client ID of the created Federation Provider. This can be found on the edit page of the Federation Partner that was created.
  b. The Client Secret of the created Federation Provider. This can be found on the edit page of the Federation Partner that was created.
  c. The discovery URL/Endpoint for OIDC on the RapidIdentity Server: https://<rapididentity hostname>/idp/.well-known/openid-configuration
Endpoints for OIDC are as follows:
| Endpoint | Path | 
|---|---|
| Token Endpoint | /idp/profile/oidc/token | 
| UserInfo Endpoint | /idp/profile/oidc/userinfo | 
| JWKS Endpoint | /idp/profile/oidc/jwks | 
| Discovery Endpoint | /idp/.well-known/openid-configuration | 
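A pre-flight check for the discovery URL noted above, as an added example that is not part of the original guide or of XCreds or RapidIdentity: it confirms that a discovery document advertises the endpoints from the table over https on the expected host. The hostname `idp.example.edu`, the issuer value and both sample documents are constructed; the field names are the standard OIDC discovery metadata names.

```python
from urllib.parse import urlsplit

# Paths from the endpoint table, keyed by the OIDC discovery metadata field.
EXPECTED_PATHS = {
    "token_endpoint": "/idp/profile/oidc/token",
    "userinfo_endpoint": "/idp/profile/oidc/userinfo",
    "jwks_uri": "/idp/profile/oidc/jwks",
}
DISCOVERY_PATH = "/idp/.well-known/openid-configuration"


def discovery_url(hostname):
    return f"https://{hostname}{DISCOVERY_PATH}"


def check_discovery(hostname, document):
    """Return a list of problems in a parsed discovery document (empty = OK)."""
    problems = []
    host = hostname.lower()
    issuer = urlsplit(document.get("issuer", ""))
    if issuer.scheme != "https" or issuer.hostname != host:
        problems.append(f"issuer is not https on {hostname}")
    for field, path in EXPECTED_PATHS.items():
        value = document.get(field)
        if not value:
            problems.append(f"{field} is missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{field} is not https")
        if url.hostname != host:
            problems.append(f"{field} points at host {url.hostname}")
        if url.path != path:
            problems.append(f"{field} path is {url.path}, expected {path}")
    return problems


# Constructed sample documents (assumed values, not captured from a real server).
HOST = "idp.example.edu"
GOOD = {"issuer": f"https://{HOST}/idp"}
GOOD.update({f: f"https://{HOST}{p}" for f, p in EXPECTED_PATHS.items()})
BAD = dict(GOOD, token_endpoint=f"http://{HOST}/idp/profile/oidc/token",
           jwks_uri="https://other.example.net/idp/profile/oidc/jwks")
del BAD["userinfo_endpoint"]

if __name__ == "__main__":
    print(discovery_url(HOST))
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(HOST, doc) or "ok")
```

To use it against a live server, pass the parsed JSON fetched from the discovery URL as `document`.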
For details on how to continue the integration configuration from within XCreds, please check out this document: XCreds Identity Provider Integration Guide