Authentication Source


This article helps you get started quickly and complete the deployment and configuration of the SSO authentication source. The SSO service can be used as the proxy of third-party standard protocol-based authentication services, and can be connected as the client of third-party authentication service. The SSO service acts as a proxy for the third-party authentication service to the client so that a single client can dock with different authentication sources through the same protocol.

Main Concept

  • Authentication Source: Refers to the provider of third-party authentication service.

Target Audience

  • OU administrator

Prerequisites

  • You have an EnOS OU administrator account, and have been authorized by the system administrator with all the operation permissions for Single Sign-On service. For more information, see Policies, Roles and Permissions.

Procedure

  1. In the EnOS Management Console, select Single Sign-On > Authentication Sources.

  2. Click New and provide information for the following.

    • Basic Information

      • Name: The authentication source name, which is globally unique and to be specified when the user logs in.

      • Type: The SSO standard protocol used for the connection of SSO service and third-party authentication service.

      • Enable: If disabled, the client cannot log in by using this authentication source.

    • OIDC Configuration

      • Authorization URI: OAuth2.0 authorize endpoint.

      • Token URI: OAuth2.0 token endpoint.

      • User Info URI: OAuth2.0 userinfo endpoint.

      • Issuer URI: OIDC’s metadata, including the metadata of the authentication source. If this field is filled in, the Authorization URI, Token URI, and jwkSet URI are all optional.

      • jwkSet URI: The signature algorithm address of the Id Token. The JSON Web Key Set is a set of keys, which include the public key used to verify the JSON Web Token (JWT) issued by the authorization server and signed using the RS256 signature algorithm.

      • Default Logout URL: The redirect address after logout. This address will apply if no Logout Redirect URL is specified by the client.

      • Client ID: The unique ID of the client (i.e. SSO service) created by the authentication source.

      • Client Secret: The client (SSO service) communication credential created by the authentication source.

      • Client Authorization Method: The authentication method of the client (i.e. SSO service), including basic/post.

      • Redirect URI: The redirect address after authentication is qualified.

      • Scope: OAuth2.0 Scope.

    • Attribute Mapping: The user attribute field names in Id Token.

      • user name

      • given name

      • family name

      • email

      • phone

      • nike name

    Note

    Ensure that the selected entries are all valid account entries.


  3. Click Save to complete the creation of the authentication source.

Editing the Authentication Source

  1. In the EnOS Management Console, select Single Sign-On > Authentication Sources.

  2. Click the view icon for the newly created authentication source in the list to enter the authentication source details page, and click the Edit button at the bottom of the page to edit the authentication source configuration.

  3. Click Save to complete the editing.