Skip to main content
Version: Release 22.3

Select the Type of OIDC Configuration

Configuring OIDC is one of the steps in installing or upgrading Digital.ai Deploy or Release using the Operator-based installer.

Here's what you must do when you see the following prompt during the installation or upgrade.

Prompt? Type of the OIDC configuration: [Use arrows to move, enter to select, type to filter, ? for more help]
Prompt valid for—productDeployRelease
YesYes
Available valuesexisting [Existing OIDC Configuration]
external [External OIDC Configuration]
identity-service [Identity Service Configuration]
embedded [Embedded Keycloak Configuration]
no-oidc [No OIDC Configuration]
Default valueno-oidc [No OIDC Configuration]
RemarksThe existing [Existing OIDC Configuration] value shows up only for upgrades on sites that already have an existing OIDC setup.

existing [Existing OIDC Configuration]

The existing [Existing OIDC Configuration] value shows up only for upgrades on sites that already have an existing OIDC setup.

Choose the—existing [Existing OIDC Configuration]—option if you have an existing OIDC setup, which you want to use.

external [External OIDC Configuration]

Choose this option—external [External OIDC Configuration]—if you have set up an external OIDC authentication server such as Keycloak, Okta, or Azure Active Directory (Office 365).

For more information about setting up an external OIDC authentication server for Digital.ai Deploy and Release, see:

Once you select this external [External OIDC Configuration] option, you would be prompted to type in the OIDC configuration details immediately.

? Configure external oidc setup: [Enter to launch editor]

Press enter and type the OIDC configuration details in the editor.

Here's the list of key OIDC parameters you must configure for Deploy:

external: true
accessTokenUri: ""
clientId: ""
clientSecret: ""
emailClaim: ""
issuer: ""
keyRetrievalUri: ""
logoutUri: ""
postLogoutRedirectUri: ""
redirectUri: ""
rolesClaimName: ""
userAuthorizationUri: ""
userNameClaimName: ""
fullNameClaim: ""
scopes: ["openid"]

Here's the list of key OIDC parameters you must configure for Release:

external: true
accessTokenUri: ""
clientId: ""
clientSecret: ""
emailClaim: ""
fullNameClaim: ""
issuer: ""
keyRetrievalUri: ""
logoutUri: ""
postLogoutRedirectUri: ""
redirectUri: ""
rolesClaim: ""
userAuthorizationUri: ""
userNameClaim: ""
scopes: '["openid"]'

Save the OIDC configuration and continue with the installation or upgrade.

identity-service [Identity Service Configuration]

Choose this option—identity-service [Identity Service Configuration]—if you have set up authentication via the Digital.ai Platform identity service.

Contact Digital.ai Support for:

  • Creating Deploy or Release clients in the Digital.ai Platform
  • Setting up the IDP in the Digital.ai Platform identity service
  • Gathering information such as the clientId and clientSecret

For more information, see Digital.ai Platform Documentation.

Once you have the Digital.ai Platform identity service set up for Deploy or Release, you can select the option—identity-service [Identity Service Configuration].

Once you select this identity-service [Identity Service Configuration] option, you would be prompted to type in the Digital.ai Platform identity service configuration details immediately.

? Configure Identity Service setup: [Enter to launch editor]

Press enter and type the OIDC configuration details in the editor.

Here's the list of key OIDC parameters you must configure for Digital.ai Platform identity service for Deploy:

external: true
clientId: ""
clientSecret: ""
issuer: ""
redirectUri: ""
postLogoutRedirectUri: ""
rolesClaimName: ""
userNameClaimName: "preferred_username"
scopes: ["openid"]

Here's the list of key OIDC parameters you must configure for Digital.ai Platform identity service for Release:

external: true
clientId: ""
clientSecret: ""
issuer: ""
redirectUri: ""
postLogoutRedirectUri: ""
rolesClaim: ""
userNameClaim: "preferred_username"
scopes: ["openid"]

embedded [Embedded Keycloak Configuration]

  • Choose this option—embedded [Embedded Keycloak Configuration]—if you want to set up a Keycloak server as part of your Deploy or Release installation or upgrade.
  • Choosing this option installs Keycloak in your cluster.
  • You must provide a public URL (a fully qualified domain name) that you plan to use for accessing the Keycloak server.
  • Once you select this embedded [Embedded Keycloak Configuration] option, you would be prompted to:
    1. Select if you would want to use an embedded database for Keycloak. The default answer to this prompt is No. But, you can choose to type yes to use an embedded database for Keycloak.
    ? Use embedded DB for keycloak: [? for help] (y/N)
    1. Type in the Keycloak public URL immediately.

      ? Enter Keycloak public URL: [? for help]
    2. Press enter and type in the Keycloak public URL.

no-oidc [No OIDC Configuration]

  • This is the default value for the OIDC configuration step.
  • Choose this option to go with the native local user authentication that comes with Digital.ai Deploy or Release.