
Integrate a generic OIDC and OAuth Server application

You can configure access to custom OpenID Connect (OIDC) applications by integrating a generic OIDC Server application on Identity as a Service. A Server application is a confidential client that communicates securely with Identity as a Service using a client secret in order to obtain access tokens. Tokens are requested directly from, and returned directly to, the client application; a browser or user agent does not handle them.

Before you begin, complete the following:

Identify the attributes (claims) that Identity as a Service must hold for the users who will sign in, so that it can establish a connection between Identity as a Service and the OIDC application.

Configure the account settings of your application to accept authentication from your Identity as a Service account.

Step 1: Add a generic Server application and configure the General settings

Log in to an Identity as a Service account that has a role assigned which allows you to configure applications on Identity as a Service.

Click > Security > Applications. The Applications List page appears.

Click Add. The Select an Application Template page appears.

Do one of the following:

Select OpenID Connect and OAuth Cloud Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.

- or -

In the Search bar, enter a search option to filter for the application you want to add to IDaaS.

Click Generic Server Application. The Add Generic Server Application page appears.

Configure the following App Settings:

Enter the Application Name.

Enter the Application Description.

Configure the OIDC Settings.

The Grant Types are configured by default.

The Client ID is generated when you create the application on Identity as a Service. You cannot modify the Client ID.

Select the Token / Revocation Endpoint Client Authentication Method from the drop-down list. This is the method your client application uses to authenticate to the Authorization Server whenever it calls the token endpoint or the revocation endpoint; the client code must send its credentials in exactly the form that the selected method expects.

Copy the Client Secret value. You can then paste the Client Secret value into the required field of your client OIDC application account settings. Treat the secret as a credential: keep it in your application's secrets store rather than in source code or in configuration that is checked into version control.

Note: You can define your own Client Secret value. However, Entrust recommends that you use the strong secret value provided. You can also view the client secret later or regenerate a new one.

Select the OIDC Signing Certificate used to connect to the Service Provider. Identity as a Service signs the tokens it issues to this application with that certificate's key, and your application verifies token signatures against the corresponding public key.

Click Show Advanced Settings to configure advanced settings.

Enter the Default Resource/Audience Request Value to include this value as the resource or audience parameter for every authorization request.

Click Save.

Note: After configuring the General settings, Claims, Customization and Resource Rule tabs appear.

Proceed to Step 2: Configure a resource rule.
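The settings above map onto a small amount of client code. The following Python script is an added example written for this page; it is not Entrust code and does not use any Identity as a Service API. It shows what a Server application sends to the token endpoint for three client authentication methods (client_secret_basic, client_secret_post and client_secret_jwt, the names used by OpenID Connect Core; which of these the drop-down list offers is an assumption), how the client secret must be encoded for the Basic method, how the Default Resource/Audience Request Value travels as the RFC 8707 resource parameter, and, for the JWT method, the checks the Authorization Server performs on the assertion. The endpoint URL, Client ID and Client Secret are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from urllib.parse import quote, urlencode

# Constructed placeholders: substitute the values from the Add Generic Server
# Application page. Keep the real secret in a secrets store, never in code.
TOKEN_ENDPOINT = "https://idaas.example.com/api/oidc/token"
CLIENT_ID = "0f3a9c2e-example-client-id"
CLIENT_SECRET = "example-secret:with/odd+chars"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def basic_auth_header(client_id: str, client_secret: str) -> str:
    # RFC 6749 s2.3.1: form-urlencode each value *before* Base64, so a secret
    # containing ':' or '+' (like the placeholder above) survives intact.
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(creds.encode()).decode()

def client_secret_jwt(client_id: str, client_secret: str, token_endpoint: str,
                      now: int, ttl: int = 60, jti: str = "") -> str:
    # client_secret_jwt (OIDC Core s9): HS256 JWT keyed with the client secret.
    # The secret never crosses the wire; aud pins the assertion to this token
    # endpoint and the single-use jti limits replay if the assertion leaks.
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": jti or str(uuid.uuid4()), "iat": now, "exp": now + ttl}
    signing_input = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def build_token_request(method: str, grant: dict, resource: str = "", now=None) -> tuple:
    """(headers, body) for a POST to the token endpoint using the selected method."""
    form = dict(grant)
    if resource:
        # RFC 8707 resource indicator: how the Default Resource/Audience Request
        # Value reaches the server and ends up in the issued token's aud claim.
        form["resource"] = resource
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_basic":
        headers["Authorization"] = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    elif method == "client_secret_post":
        form["client_id"] = CLIENT_ID
        form["client_secret"] = CLIENT_SECRET
    elif method == "client_secret_jwt":
        form["client_id"] = CLIENT_ID
        form["client_assertion_type"] = JWT_BEARER
        form["client_assertion"] = client_secret_jwt(
            CLIENT_ID, CLIENT_SECRET, TOKEN_ENDPOINT, int(time.time()) if now is None else now)
    else:
        raise ValueError(f"unsupported client authentication method: {method}")
    return headers, urlencode(form)

def verify_client_assertion(assertion: str, client_secret: str, token_endpoint: str,
                            now: int, seen_jti: set) -> bool:
    """The Authorization Server's half of client_secret_jwt, once it has looked up
    the client's secret: constant-time MAC check, pinned alg, then aud, exp and
    single-use jti. Every failure is a plain False, never an exception."""
    parts = assertion.split(".")
    if len(parts) != 3:
        return False
    head, body, sig = parts
    expected = hmac.new(client_secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected).encode(), sig.encode()):
        return False
    try:
        header, claims = json.loads(_b64url_decode(head)), json.loads(_b64url_decode(body))
    except ValueError:
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    if header.get("alg") != "HS256":  # also rejects "none" and RS/HS confusion
        return False
    if claims.get("aud") != token_endpoint or claims.get("iss") != claims.get("sub"):
        return False
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        return False
    seen_jti.add(jti)
    return True

if __name__ == "__main__":
    # What each method puts on the wire for an authorization-code exchange.
    grant = {"grant_type": "authorization_code", "code": "<code from the redirect>",
             "redirect_uri": "https://app.example.com/callback"}
    for method in ("client_secret_basic", "client_secret_post", "client_secret_jwt"):
        headers, body = build_token_request(method, grant, resource="https://api.example.com")
        print(method, headers.get("Authorization", "(no Authorization header)"), body, sep="\n  ")
```

Run the script to see the three request shapes side by side. Two points to check in any real integration: the client secret is only ever sent to the token and revocation endpoints over TLS, and the ID token that comes back is not trusted until its signature has been verified against the public key of the OIDC Signing Certificate selected above (normally fetched from the provider's JWKS endpoint and checked with a JOSE library) and its iss, aud and exp claims have been validated. Decoding the payload without that step is inspection, not validation.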

Step 2: Configure a resource rule

Step 3: Optionally, add a resource server

Click the Resource Servers tab.

Click Add Resource Server.

Follow the instructions in Add an API/URL resource server.