Select the Type of OIDC Configuration
Configuring OIDC is one of the steps in installing or upgrading Digital.ai Deploy using the Operator-based installer.
Here's what you must do when you see the following prompt during the installation or upgrade.
Prompt | ? Type of the OIDC configuration: [Use arrows to move, enter to select, type to filter, ? for more help]
---|---
Prompt valid for product | Deploy: Yes; Release: Yes
Available values | existing [Existing OIDC Configuration]; external [External OIDC Configuration]; identity-service [Identity Service Configuration]; no-oidc [No OIDC Configuration]
Default value | no-oidc [No OIDC Configuration]
Remarks | The existing [Existing OIDC Configuration] value shows up only for upgrades on sites that already have an existing OIDC setup.
existing [Existing OIDC Configuration]
The existing [Existing OIDC Configuration] value shows up only for upgrades on sites that already have an existing OIDC setup.
Choose the existing [Existing OIDC Configuration] option if you have an existing OIDC setup that you want to use.
external [External OIDC Configuration]
Choose the external [External OIDC Configuration] option if you have set up an external OIDC authentication server such as Keycloak, Okta, or Azure Active Directory (Office 365).
For more information about setting up an external OIDC authentication server for Digital.ai Deploy, see:
Once you select the external [External OIDC Configuration] option, you are prompted to enter the OIDC configuration details immediately.
? Configure external oidc setup: [Enter to launch editor]
Press Enter and type the OIDC configuration details in the editor.
Here's the list of key OIDC parameters you must configure for Deploy:
accessTokenUri: ""
clientId: ""
clientSecret: ""
emailClaim: ""
issuer: ""
keyRetrievalUri: ""
logoutUri: ""
postLogoutRedirectUri: ""
redirectUri: ""
rolesClaimName: ""
userAuthorizationUri: ""
userNameClaimName: ""
fullNameClaim: ""
scopes: ["openid"]
Save the OIDC configuration and continue with the installation or upgrade.
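A pre-flight check for the values typed into the editor, as an added example that is not part of the Digital.ai documentation or installer: it flags empty keys, non-HTTPS URIs, and endpoints that differ from the identity provider's OpenID Connect discovery metadata. The key-to-metadata mapping, the treatment of every listed key as required, and all sample values are assumptions.

```python
from urllib.parse import urlsplit

# Assumed mapping (inferred from key names): Deploy key -> discovery metadata field.
DISCOVERY_MAP = {
    "issuer": "issuer",
    "userAuthorizationUri": "authorization_endpoint",
    "accessTokenUri": "token_endpoint",
    "keyRetrievalUri": "jwks_uri",
    "logoutUri": "end_session_endpoint",
}
# Every string-valued key the page lists for the external option.
PAGE_KEYS = [*DISCOVERY_MAP, "clientId", "clientSecret", "emailClaim", "fullNameClaim",
             "postLogoutRedirectUri", "redirectUri", "rolesClaimName", "userNameClaimName"]


def check_oidc_config(cfg, discovery):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for key in PAGE_KEYS:
        value = str(cfg.get(key, "")).strip()
        if not value:
            findings.append(f"{key}: empty")
        elif (key.endswith("Uri") or key == "issuer") and urlsplit(value).scheme != "https":
            findings.append(f"{key}: not https")
    for key, field in DISCOVERY_MAP.items():
        # Exact string match: a trailing slash on the issuer counts as a mismatch.
        if cfg.get(key) and discovery.get(field) and cfg[key] != discovery[field]:
            findings.append(f"{key}: differs from discovery '{field}'")
    if "openid" not in cfg.get("scopes", []):
        findings.append("scopes: 'openid' missing")
    return findings

# Constructed sample (placeholder hosts); defects: issuer slash, empty secret, http redirect.
IDP = "https://idp.example.test/realms/deploy"
SAMPLE_DISCOVERY = {
    "issuer": IDP, "authorization_endpoint": IDP + "/auth",
    "token_endpoint": IDP + "/token", "jwks_uri": IDP + "/certs",
    "end_session_endpoint": IDP + "/logout",
}
SAMPLE_CFG = {key: SAMPLE_DISCOVERY[field] for key, field in DISCOVERY_MAP.items()}
SAMPLE_CFG.update(
    issuer=IDP + "/", clientId="deploy", clientSecret="", emailClaim="email",
    rolesClaimName="groups", userNameClaimName="preferred_username",
    fullNameClaim="name", scopes=["openid"],
    redirectUri="http://deploy.example.test/callback",
    postLogoutRedirectUri="https://deploy.example.test/callback",
)

if __name__ == "__main__":
    print("\n".join(check_oidc_config(SAMPLE_CFG, SAMPLE_DISCOVERY)) or "OK")
```

In practice the discovery dictionary would be the JSON served at the issuer's `/.well-known/openid-configuration` path, fetched and saved beforehand.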
identity-service [Identity Service Configuration]
Choose the identity-service [Identity Service Configuration] option if you have set up authentication via the Digital.ai Platform identity service.
Contact Digital.ai Support for:
- Creating Deploy clients in the Digital.ai Platform
- Setting up the IDP in the Digital.ai Platform identity service
- Gathering information such as the clientId and clientSecret
For more information, see
Once you have the Digital.ai Platform identity service set up for Deploy, you can select the identity-service [Identity Service Configuration] option.
Once you select the identity-service [Identity Service Configuration] option, you are prompted to enter the Digital.ai Platform identity service configuration details immediately.
? Configure Identity Service setup: [Enter to launch editor]
Press Enter and type the OIDC configuration details in the editor.
Here's the list of key OIDC parameters you must configure for Digital.ai Platform identity service for Deploy:
external: true
clientId: ""
clientSecret: ""
issuer: ""
redirectUri: ""
postLogoutRedirectUri: ""
rolesClaimName: ""
userNameClaimName: "preferred_username"
scopes: ["openid"]
no-oidc [No OIDC Configuration]
- This is the default value for the OIDC configuration step.
- Choose this option to go with the native local user authentication that comes with Digital.ai Deploy.