PingFederate OIDC
Feature
Integrating OAuth2 Authentication with Germain Using PingFederate OIDC
Configuration in the provider
Check or set the configuration of the OAuth client for Germain in the provider (PingFederate) and note the values (client ID, client secret, endpoints, signing algorithm, group claim); they are entered in the Germain configuration below.

[Screenshot: OAuthAuthentication configuration - provider]

[Screenshot: Mapping group from OAuth Provider]
Configuration in Germain
Sign in to your Germain application as an administrator.
Go to System > System Settings > Root Config (Advanced).
Navigate to monitoringConfig > systemConfig > authentication. In AuthenticationConfig, set the following:
defaultRedirectPath: workspace URL (e.g., http://localhost:8080/germainapm/workspace/app)
oauthAuthentication: true
[Screenshot: OAuthAuthentication parameter - Germain UX]
Go to System > Auth Settings > Authentication.
Click the Plus button to add a new Authentication Provider.
Select OAuth Provider and click next.
[Screenshot: Select OAuth provider - Germain UX]
Configure the provider settings:
Provider Name: Name for your Auth Provider
Client ID: <Client ID copied from the OAuth provider>
Client Secret: <Client Secret copied from the OAuth provider> (a credential: Germain presents it to the Token URI on every authorization-code exchange, so keep it out of screenshots and shared notes)
Authorization Grant Type: authorization_code
Redirect URI Template:
{baseUrl}/login/oauth2/code/{registrationId}
[No need to substitute baseUrl or registrationId; they are filled in at runtime. The resulting URI must be registered on the PingFederate client as an allowed redirect URI exactly as resolved (scheme, host, port and path), otherwise the provider rejects the authorization request.]
Authorization URI:
https://<yourOauthProvider>/as/authorization.oauth2
Add any additional parameters as query parameters if necessary (e.g. ?acr_values=R1_AAL1_MS-AD-Kerberos, which asks the provider for a specific authentication context).
Token URI:
https://<yourOauthProvider>/as/token.oauth2
User Info URI:
https://<yourOauthProvider>/idp/userinfo.openid
JWK Set URI:
https://<yourOauthProvider>/pf/JWKS
User Name Attribute: sub
JWS Algorithm: ES256 (must match the algorithm PingFederate uses to sign ID tokens for this client, and the JWK Set URI must publish a key of the matching type; if they differ, every sign-in fails at ID token validation)
Role List Path: msad_groups
(Name of the claim that carries the user's group list, as mapped in the provider above. Set it only if roles are controlled in the provider.)
Scope values: openid, profile, address, email, phone (openid is required for OIDC; the remaining scopes control which claims the User Info URI returns)
Click Finish.
Restart the Tomcat services to apply the changes.
Once the restart completes, opening the Germain page redirects you to the provider's sign-in; if your account has access, you are signed in to Germain automatically.
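The following is an added example and is not code from the Germain product or from Ping Identity: a small offline checker for the values entered on the provider screen above. It assumes a provider host of sso.example.com, a Germain base URL of http://localhost:8080/germainapm, a registration id of pingfederate, and constructed stand-ins for the provider's discovery document, JWK set and claims; in a real check you would fetch the discovery document from https://<yourOauthProvider>/.well-known/openid-configuration and the keys from the JWK Set URI. It resolves the Redirect URI Template (the value to register on the PingFederate client), builds the authorization request with the acr_values parameter from the page, flags an endpoint, scope or JWS-algorithm mismatch before a restart, and reads the group list named by Role List Path.

```python
"""Added example (not Germain's or Ping Identity's code): offline sanity checks
for the OIDC provider settings entered in Germain.

Assumed: provider host sso.example.com, base URL http://localhost:8080/germainapm,
registration id 'pingfederate'; DISCOVERY, JWKS and the claims in main() are
constructed sample data, not real provider output.
"""
import json
from urllib.parse import urlencode, urlparse

# Values as entered in the Germain provider screen (host is assumed).
GERMAIN_PROVIDER = {
    "authorizationUri": "https://sso.example.com/as/authorization.oauth2",
    "tokenUri": "https://sso.example.com/as/token.oauth2",
    "userInfoUri": "https://sso.example.com/idp/userinfo.openid",
    "jwkSetUri": "https://sso.example.com/pf/JWKS",
    "jwsAlgorithm": "ES256",
    "scopes": ["openid", "profile", "address", "email", "phone"],
    "roleListPath": "msad_groups",
}

# Constructed stand-in for GET https://sso.example.com/.well-known/openid-configuration
DISCOVERY = json.loads("""{
  "issuer": "https://sso.example.com",
  "authorization_endpoint": "https://sso.example.com/as/authorization.oauth2",
  "token_endpoint": "https://sso.example.com/as/token.oauth2",
  "userinfo_endpoint": "https://sso.example.com/idp/userinfo.openid",
  "jwks_uri": "https://sso.example.com/pf/JWKS",
  "scopes_supported": ["openid", "profile", "email", "address", "phone"],
  "id_token_signing_alg_values_supported": ["RS256", "ES256"]
}""")

# Constructed stand-in for GET https://sso.example.com/pf/JWKS (key material elided).
JWKS = json.loads("""{"keys": [
  {"kty": "RSA", "kid": "rsa-1", "use": "sig", "alg": "RS256", "n": "<modulus>", "e": "AQAB"},
  {"kty": "EC",  "kid": "ec-1",  "use": "sig", "crv": "P-256", "x": "<x>", "y": "<y>"}
]}""")

# JWS algorithm -> key type (and EC curve) able to produce that signature.
ALG_KEY = {
    "RS256": ("RSA", None), "RS384": ("RSA", None), "RS512": ("RSA", None),
    "PS256": ("RSA", None), "PS384": ("RSA", None), "PS512": ("RSA", None),
    "ES256": ("EC", "P-256"), "ES384": ("EC", "P-384"), "ES512": ("EC", "P-521"),
}


def resolve_redirect_uri(template, base_url, registration_id):
    """Expand the Redirect URI Template; the result is what must be registered
    on the PingFederate client as an allowed redirect URI."""
    return (template.replace("{baseUrl}", base_url.rstrip("/"))
                    .replace("{registrationId}", registration_id))


def build_authorization_url(cfg, client_id, redirect_uri, state, nonce, extra=None):
    """Authorization-code request the browser is sent to; 'extra' holds added
    query parameters such as acr_values."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": " ".join(cfg["scopes"]),
              "state": state, "nonce": nonce}
    params.update(extra or {})
    return cfg["authorizationUri"] + "?" + urlencode(params)


def check_provider_config(cfg, discovery, jwks):
    """Return a list of problems; empty means the entered settings agree with
    what the provider publishes."""
    problems = []
    pairs = [("authorizationUri", "authorization_endpoint"), ("tokenUri", "token_endpoint"),
             ("userInfoUri", "userinfo_endpoint"), ("jwkSetUri", "jwks_uri")]
    for local, remote in pairs:
        if cfg[local] != discovery.get(remote):
            problems.append(f"{local} differs from discovery {remote}")
        if urlparse(cfg[local]).scheme != "https":
            problems.append(f"{local} is not https")
    if "openid" not in cfg["scopes"]:
        problems.append("scope list lacks 'openid'; no ID token will be issued")
    missing = [s for s in cfg["scopes"] if s not in discovery.get("scopes_supported", [])]
    if missing:
        problems.append(f"scopes not advertised by provider: {missing}")
    alg = cfg["jwsAlgorithm"]
    if alg not in discovery.get("id_token_signing_alg_values_supported", []):
        problems.append(f"provider does not sign ID tokens with {alg}")
    kty, crv = ALG_KEY.get(alg, (None, None))
    usable = [k for k in jwks["keys"] if k.get("kty") == kty
              and (crv is None or k.get("crv") == crv) and k.get("use", "sig") == "sig"]
    if not usable:
        problems.append(f"JWK set has no signing key usable for {alg}")
    return problems


def extract_roles(claims, role_list_path):
    """Read the group list named by Role List Path (dotted for nested claims)
    from ID token / userinfo claims; [] if absent."""
    node = claims
    for part in role_list_path.split("."):
        if not isinstance(node, dict) or part not in node:
            return []
        node = node[part]
    if isinstance(node, str):  # some providers send a single group as a string
        return [node]
    return list(node) if isinstance(node, list) else []


if __name__ == "__main__":
    redirect = resolve_redirect_uri("{baseUrl}/login/oauth2/code/{registrationId}",
                                    "http://localhost:8080/germainapm", "pingfederate")
    print("register on the PingFederate client:", redirect)
    print(build_authorization_url(GERMAIN_PROVIDER, "germain-client", redirect, "st", "nc",
                                  {"acr_values": "R1_AAL1_MS-AD-Kerberos"}))
    print("problems:", check_provider_config(GERMAIN_PROVIDER, DISCOVERY, JWKS))
    print("roles:", extract_roles({"sub": "jdoe", "msad_groups": ["CN=Admins", "CN=Users"]},
                                  GERMAIN_PROVIDER["roleListPath"]))
```

Run it once with the real discovery document and JWK set pasted in place of the constructed ones before restarting Tomcat; an empty problem list means the endpoints, scopes and signing algorithm line up, and the printed redirect URI is the value to register on the client in PingFederate.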
Service: Authentication
Feature Availability: 8.6.0 or later