Select the Type of OIDC Configuration
Configuring OIDC is one of the steps in installing or upgrading Digital.ai Deploy or Release using the Operator-based installer.
Here's what you must do when you see the following prompt during the installation or upgrade.
Prompt | ? Type of the OIDC configuration: [Use arrows to move, enter to select, type to filter, ? for more help] | |||||
---|---|---|---|---|---|---|
Prompt valid for—product | Deploy | Release | ||||
Yes | Yes | |||||
Available values | existing [Existing OIDC Configuration] external [External OIDC Configuration] identity-service [Identity Service Configuration] embedded [Embedded Keycloak Configuration] no-oidc [No OIDC Configuration] | |||||
Default value | no-oidc [No OIDC Configuration] | |||||
Remarks | The existing [Existing OIDC Configuration] value shows up only for upgrades on sites that already have an existing OIDC setup. |
existing [Existing OIDC Configuration]
The existing [Existing OIDC Configuration] value shows up only for upgrades on sites that already have an existing OIDC setup.
Choose the—existing [Existing OIDC Configuration]—option if you have an existing OIDC setup, which you want to use.
external [External OIDC Configuration]
Choose this option—external [External OIDC Configuration]—if you have set up an external OIDC authentication server such as Keycloak, Okta, or Azure Active Directory (Office 365).
For more information about setting up an external OIDC authentication server for Digital.ai Deploy and Release, see:
- Set up the OpenID Connect (OIDC) Authentication for Release
- Set up the OpenID Connect (OIDC) Authentication For Deploy
Once you select this external [External OIDC Configuration] option, you would be prompted to type in the OIDC configuration details immediately.
? Configure external oidc setup: [Enter to launch editor]
Press enter and type the OIDC configuration details in the editor.
Here's the list of key OIDC parameters you must configure for Deploy:
external: true
accessTokenUri: ""
clientId: ""
clientSecret: ""
emailClaim: ""
issuer: ""
keyRetrievalUri: ""
logoutUri: ""
postLogoutRedirectUri: ""
redirectUri: ""
rolesClaimName: ""
userAuthorizationUri: ""
userNameClaimName: ""
fullNameClaim: ""
scopes: ["openid"]
Here's the list of key OIDC parameters you must configure for Release:
external: true
accessTokenUri: ""
clientId: ""
clientSecret: ""
emailClaim: ""
fullNameClaim: ""
issuer: ""
keyRetrievalUri: ""
logoutUri: ""
postLogoutRedirectUri: ""
redirectUri: ""
rolesClaim: ""
userAuthorizationUri: ""
userNameClaim: ""
scopes: '["openid"]'
Save the OIDC configuration and continue with the installation or upgrade.
identity-service [Identity Service Configuration]
Choose this option—identity-service [Identity Service Configuration]—if you have set up authentication via the Digital.ai Platform identity service.
Contact Digital.ai Support for:
- Creating Deploy or Release clients in the Digital.ai Platform
- Setting up the IDP in the Digital.ai Platform identity service
- Gathering information such as the
clientId
andclientSecret
For more information, see Digital.ai Platform Documentation.
Once you have the Digital.ai Platform identity service set up for Deploy or Release, you can select the option—identity-service [Identity Service Configuration].
Once you select this identity-service [Identity Service Configuration] option, you would be prompted to type in the Digital.ai Platform identity service configuration details immediately.
? Configure Identity Service setup: [Enter to launch editor]
Press enter and type the OIDC configuration details in the editor.
Here's the list of key OIDC parameters you must configure for Digital.ai Platform identity service for Deploy:
external: true
clientId: ""
clientSecret: ""
issuer: ""
redirectUri: ""
postLogoutRedirectUri: ""
rolesClaimName: ""
userNameClaimName: "preferred_username"
scopes: ["openid"]
Here's the list of key OIDC parameters you must configure for Digital.ai Platform identity service for Release:
external: true
clientId: ""
clientSecret: ""
issuer: ""
redirectUri: ""
postLogoutRedirectUri: ""
rolesClaim: ""
userNameClaim: "preferred_username"
scopes: ["openid"]
embedded [Embedded Keycloak Configuration]
- Choose this option—embedded [Embedded Keycloak Configuration]—if you want to set up a Keycloak server as part of your Deploy or Release installation or upgrade.
- Choosing this option installs Keycloak in your cluster.
- You must provide a public URL (a fully qualified domain name) that you plan to use for accessing the Keycloak server.
- Once you select this embedded [Embedded Keycloak Configuration] option, you would be prompted to:
- Select if you would want to use an embedded database for Keycloak. The default answer to this prompt is No. But, you can choose to type yes to use an embedded database for Keycloak.
? Use embedded DB for keycloak: [? for help] (y/N)
-
Type in the Keycloak public URL immediately.
? Enter Keycloak public URL: [? for help]
-
Press enter and type in the Keycloak public URL.
no-oidc [No OIDC Configuration]
- This is the default value for the OIDC configuration step.
- Choose this option to go with the native local user authentication that comes with Digital.ai Deploy or Release.