
Ping Federated OIDC

Feature

Integrating OAuth2 Authentication with Germain Using Ping Federated OIDC

Configuration in the provider

Check or set the configuration in the provider and note the values, as they will be used in the Germain configuration.

OAuthAuthentication configuration - provider

Mapping group from OAuth Provider

Configuration in Germain

  1. Sign in to your Germain application as an administrator.

  2. Go to System > System Settings > Root Config (Advanced).

  3. Navigate to monitoringConfig > systemConfig > authentication. In AuthenticationConfig, set the following:

    • defaultRedirectPath: workspace URL (e.g., http://localhost:8080/germainapm/workspace/app)

    • oauthAuthentication: true

      OAuthAuthentication parameter - Germain UX

  4. Go to System > Auth Settings > Authentication.

  5. Click the Plus button to add a new Authentication Provider.

  6. Select OAuth Provider and click Next.

    Select OAuth provider - Germain UX

  7. Configure the provider settings:

    • Provider Name: Name for your Auth Provider

    • Client ID: <Client ID Copied from OAuth provider>

    • Client Secret: <Client Secret Copied from OAuth provider>

    • Authorization Grant Type: authorization_code

    • Redirect URI Template: {baseUrl}/login/oauth2/code/{registrationId}

      • [No need to substitute baseUrl or registrationId]

    • Authorization URI: https://<yourOauthProvider>/as/authorization.oauth2

      • Add any additional parameters as necessary (e.g., ?acr_values=R1_AAL1_MS-AD-Kerberos)

    • Token URI: https://<yourOauthProvider>/as/token.oauth2

    • User Info URI: https://<yourOauthProvider>/ldp/userinfo.openid

    • JWK Set URI: https://<yourOauthProvider>/pf/JWKS

    • User Name Attribute: sub

    • JWS Algorithm: ES256

    • Role List Path: msad_groups

      • Set this if the roles will be controlled in the provider

    • Scope values: openid, profile, address, email, phone

  8. Click Finish.

  9. Restart the Tomcat services to apply the changes.

Once completed, you should be signed in automatically when you access the Germain page, provided you have access.
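A pre-flight check for the values entered in step 7, as an added example that is not part of the Germain or Ping documentation: it compares the four endpoint URIs, the JWS algorithm and the scopes with the provider's OIDC discovery document and JWK set, and reports every mismatch. The host `sso.example.test`, the `check_provider` function and the discovery and JWKS content are constructed for illustration; in practice, load the two JSON documents from the provider's `/.well-known/openid-configuration` and from the JWK Set URI.

```python
from urllib.parse import urlsplit

# Germain field -> key in the provider's OIDC discovery document
FIELD_MAP = {"Authorization URI": "authorization_endpoint", "Token URI": "token_endpoint",
             "User Info URI": "userinfo_endpoint", "JWK Set URI": "jwks_uri"}
# JWS algorithm -> (kty, crv) that a matching signing key must carry (RFC 7518)
EC_ALGS = {"ES256": ("EC", "P-256"), "ES384": ("EC", "P-384"), "ES512": ("EC", "P-521")}

def check_provider(settings, discovery, jwks):
    """Return a list of mismatches between Germain settings and provider metadata."""
    problems = []
    for field, key in FIELD_MAP.items():
        url = urlsplit(settings[field])
        if url.scheme != "https":
            problems.append(f"{field}: not https")
        # Extra query parameters such as acr_values are ignored in the comparison.
        if url._replace(query="").geturl() != discovery.get(key):
            problems.append(f"{field}: differs from {key}")
    alg = settings["JWS Algorithm"]
    if alg not in discovery.get("id_token_signing_alg_values_supported", []):
        problems.append(f"JWS Algorithm: {alg} not advertised by provider")
    want = EC_ALGS.get(alg)
    if want and not any((k.get("kty"), k.get("crv")) == want
                        and k.get("use", "sig") == "sig" for k in jwks.get("keys", [])):
        problems.append(f"JWK Set: no {want[0]} {want[1]} signing key for {alg}")
    missing = set(settings["Scope values"]) - set(discovery.get("scopes_supported", []))
    if missing:
        problems.append(f"Scope values: not supported: {sorted(missing)}")
    return problems

BASE = "https://sso.example.test"  # constructed placeholder for <yourOauthProvider>
SETTINGS = {  # the values from step 7
    "Authorization URI": BASE + "/as/authorization.oauth2?acr_values=R1_AAL1_MS-AD-Kerberos",
    "Token URI": BASE + "/as/token.oauth2",
    "User Info URI": BASE + "/ldp/userinfo.openid",
    "JWK Set URI": BASE + "/pf/JWKS",
    "JWS Algorithm": "ES256",
    "Scope values": ["openid", "profile", "address", "email", "phone"],
}
DISCOVERY = {  # constructed sample of a discovery document that agrees with SETTINGS
    **{key: SETTINGS[field].split("?")[0] for field, key in FIELD_MAP.items()},
    "id_token_signing_alg_values_supported": ["RS256", "ES256"],
    "scopes_supported": ["openid", "profile", "address", "email", "phone"],
}
JWKS = {"keys": [{"kty": "EC", "crv": "P-256", "use": "sig", "kid": "constructed-1"}]}

if __name__ == "__main__":
    print(check_provider(SETTINGS, DISCOVERY, JWKS) or "settings match provider metadata")
```

An empty result means the entered values agree with what the provider advertises; any reported line names the Germain field to recheck before restarting Tomcat.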

Service: Authentication

Feature Availability: 8.6.0 or later
