OpenID Connect Directory Manager Plugin

Introduction

The OpenID Connect Directory Manager plugin lets Joget authenticate users against an external OpenID Connect (OIDC) provider.

  • When a user clicks the login button, the browser is redirected to the configured OpenID Connect provider for authentication.
  • After successful authentication, the provider redirects the user back to Joget at the Callback URL configured in the plugin.
Note: 
  • This plugin requires Joget Enterprise Edition.
  • The source code is available on GitHub.

JogetOSS is a community-led team for open-source software related to the Joget no-code/low-code application platform. Projects under JogetOSS are community-driven and community-supported, and you are welcome to contribute to the projects.

Get started

Where to get the plugin

You can download the plugin from Joget Marketplace.

How to install

  1. Download the plugin JAR file from the Joget Marketplace.
  2. Go to Settings > Manage Plugins > Upload Plugin.
  3. Once uploaded, the plugin will be available in your Joget environment.

How to use it

  1. In System Settings, set the API Domain Whitelist to *.
    Important:
    If this is not set, the SSO redirect fails with a 400 Forbidden error. A value of * accepts API calls from any domain, so once SSO is working tighten the whitelist to just the domains that need it.
  2. In System Settings > Directory Manager, select the OpenID Connect Plugin.
  3. Register the plugin's Callback URL with your OpenID Connect provider and obtain the client ID, client secret and endpoint details from it.
  4. Configure the plugin with the settings provided by your OpenID Connect provider.

Configure OpenID Connect properties

OpenID provider details

  • Callback URL: URL to which the OpenID Connect provider redirects users after they authenticate.
    Register this Callback URL with your OpenID Connect provider; providers reject redirects to URLs that were not registered for the client.
  • Issuer: how the plugin locates the provider's endpoints.
    • Issuer URL: the endpoints are read from the provider's discovery document.
    • Custom: the endpoints are entered by hand in the fields below.
  • Issuer URL: base URL of the OpenID provider. The plugin derives the discovery URL from it (Issuer URL + "/.well-known/openid-configuration") and reads the OpenID Provider Configuration Document from that endpoint. The value should match the iss claim in the ID tokens the provider issues.
  • Authorization Token Endpoint: the authorization server's authorization endpoint (authorization_endpoint in the provider's metadata at Issuer URL + "/.well-known/openid-configuration").
    Sample Format
    https://${Issuer URL}/oauth2/${authServerId}/v1/authorize
    Available when Issuer is set to Custom.
  • Token Endpoint: the authorization server's endpoint for exchanging the authorization code for tokens (token_endpoint in the provider's metadata).
    Sample Format
    https://${Issuer URL}/oauth2/${authServerId}/v1/token
    Available when Issuer is set to Custom.
  • User Info Endpoint: the endpoint that returns the authenticated user's profile claims (userinfo_endpoint in the provider's metadata).
    Sample Format
    https://${Issuer URL}/oauth2/${authServerId}/v1/userinfo
    Available when Issuer is set to Custom.
  • JSON Web Key Set: URL of the provider's public key set (jwks_uri in the provider's metadata), used to verify the RS256 signature on ID tokens issued by the authorization server.
    Sample Format
    https://${Issuer URL}/oauth2/${authServerId}/v1/keys
    Available when Issuer is set to Custom.
  • Response Types Supported: OAuth 2.0 response type requested from the provider. By default, code (the authorization code flow).
  • Client ID: the Client ID provisioned by the OpenID provider when the client was registered.
  • Client Secret: the Client Secret (password) provisioned by the OpenID provider when the client was registered. Treat it as a credential: anyone holding it can obtain tokens in this client's name.
  • Scope: space-separated list of OpenID Connect scopes to request from the identity provider. By default, openid profile email.
  • User Provisioning Enabled: if enabled, a Joget user account is created in Joget's User Directory for each user who signs in and does not yet have one.
  • Save Access Token And Refresh Token To User Meta?: if enabled, saves the access token and the refresh token (if the provider issues one; this usually requires offline_access in Scope) to the user meta fields oidcAccessToken and oidcRefreshToken.

    The tokens can then be read with the User Meta Hash Variable:

    • #currentUser.meta.oidcAccessToken#
    • #currentUser.meta.oidcRefreshToken#

    Because these values are readable through hash variables, anyone who can place a hash variable in an app the user runs can read that user's tokens. Enable this only when an app actually needs to call the provider's APIs on the user's behalf.

    The access token can also be refreshed with the Hash Variable #oidc.refreshAccessToken#, which, if the current access token has expired, uses the refresh token to request a new set of tokens.

Configure OpenID Connect login button

  • Login Button Text: text shown on the login button
    Sample Value
    Login
  • Login Button Icon: CSS class of the icon shown on the login button
    Sample Value
    fas fa-arrow-right
  • Button Text Color: CSS color of the login button text
    Sample Value
    white
  • Button Background Color: CSS background-color of the login button
    Sample Value
    black

Sample configurations for OpenID Connect identity providers

Okta (Issuer set to Issuer URL)
  • Issuer: Issuer URL
  • Issuer URL: https://dev-sample123.okta.com
  • Authorization Token Endpoint: N/A
  • Token Endpoint: N/A
  • User Info Endpoint: N/A
  • JSON Web Key Set: N/A
  • Response Types Supported: code
  • Client ID: clientIDSampleValue
  • Client Secret: clientSecretSampleValue
  • Scope: openid profile email
  • Documentation Link: OpenID Connect & OAuth 2.0 API

Okta (Issuer set to Custom)
  • Issuer: Custom
  • Issuer URL: https://dev-sample123.okta.com
  • Authorization Token Endpoint: https://dev-sample123.okta.com/oauth2/v1/authorize
  • Token Endpoint: https://dev-sample123.okta.com/oauth2/v1/token
  • User Info Endpoint: https://dev-sample123.okta.com/oauth2/v1/userinfo
  • JSON Web Key Set: https://dev-sample123.okta.com/oauth2/v1/keys
  • Response Types Supported: code
  • Client ID: clientIDSampleValue
  • Client Secret: clientSecretSampleValue
  • Scope: openid profile email
  • Documentation Link: OpenID Connect & OAuth 2.0 API

Google
  • Issuer: Issuer URL
  • Issuer URL: https://accounts.google.com
  • Authorization Token Endpoint: N/A
  • Token Endpoint: N/A
  • User Info Endpoint: https://www.googleapis.com/oauth2/v3/userinfo
  • JSON Web Key Set: N/A
  • Response Types Supported: code
  • Client ID: clientIDSampleValue
  • Client Secret: clientSecretSampleValue
  • Scope: openid email
  • Documentation Link: OpenID Connect

Microsoft Azure AD
  • Issuer: Custom
  • Issuer URL: https://login.microsoftonline.com/tenantIDSampleValue/v2.0
  • Authorization Token Endpoint: https://login.microsoftonline.com/tenantIDSampleValue/oauth2/v2.0/authorize
  • Token Endpoint: https://login.microsoftonline.com/tenantIDSampleValue/oauth2/v2.0/token
  • User Info Endpoint: https://graph.microsoft.com/oidc/userinfo
  • JSON Web Key Set: https://login.microsoftonline.com/tenantIDSampleValue/discovery/v2.0/keys
  • Response Types Supported: code
  • Client ID: clientIDSampleValue
  • Client Secret: clientSecretSampleValue
  • Scope: openid profile email

Auth0
  • Issuer: Issuer URL
  • Issuer URL: https://dev-sample123.us.auth0.com (tenants created before June 2020 use https://dev-sample123.auth0.com)
  • Authorization Token Endpoint: N/A
  • Token Endpoint: N/A
  • User Info Endpoint: N/A
  • JSON Web Key Set: N/A
  • Response Types Supported: code
  • Client ID: clientIDSampleValue
  • Client Secret: clientSecretSampleValue
  • Scope: openid profile email

To obtain all the URL paths for your Azure app, go to Overview > Endpoints in the Azure portal, open the URL listed as the OpenID Connect metadata document, and read the endpoint values from it.
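The endpoint values in the provider configurations above, like the Azure metadata document just mentioned, all come from the provider's discovery document at Issuer URL + "/.well-known/openid-configuration". The script below is an added example and is not code from the plugin or from the Joget documentation: it maps a discovery document onto the plugin's Custom fields and runs the checks a practitioner would want before pasting the values in (the advertised issuer equals the configured Issuer URL, every endpoint is HTTPS, the code response type and RS256 ID token signing are advertised, and offline_access is added to the Scope when refresh tokens are wanted). The discovery document in the block is constructed for the example around the page's sample Okta issuer; a real deployment would fetch it over HTTPS. The function names, FIELD_MAP and the problem messages are the example's own.

```python
import json
from urllib.parse import urlparse

# Constructed discovery document (example data, not fetched from a provider).
# Its values mirror the page's Okta sample configuration.
SAMPLE_DISCOVERY_JSON = json.dumps({
    "issuer": "https://dev-sample123.okta.com",
    "authorization_endpoint": "https://dev-sample123.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-sample123.okta.com/oauth2/v1/token",
    "userinfo_endpoint": "https://dev-sample123.okta.com/oauth2/v1/userinfo",
    "jwks_uri": "https://dev-sample123.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})

# Plugin field (as labelled on this page) -> key in the discovery document.
# This mapping is the example's own; the plugin does not expose it.
FIELD_MAP = {
    "Authorization Token Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "User Info Endpoint": "userinfo_endpoint",
    "JSON Web Key Set": "jwks_uri",
}


def discovery_url(issuer_url):
    """Discovery URL as the page describes it: Issuer URL + /.well-known/openid-configuration."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"


def plugin_config_from_discovery(issuer_url, discovery_json,
                                 scope="openid profile email", want_refresh=False):
    """Return (config, problems).

    config   - values for the plugin's fields when Issuer is set to Custom
    problems - findings that should be resolved before the values are used
    """
    doc = json.loads(discovery_json)
    problems = []

    # The issuer the provider advertises must equal the configured Issuer URL.
    # ID tokens carry the same value in their "iss" claim; a mismatch means a
    # typo or the wrong provider, and tokens from it must not be trusted.
    if doc.get("issuer", "").rstrip("/") != issuer_url.rstrip("/"):
        problems.append("issuer mismatch: configured %r, advertised %r"
                        % (issuer_url, doc.get("issuer")))

    config = {"Issuer": "Custom", "Issuer URL": issuer_url}
    for field, key in FIELD_MAP.items():
        value = doc.get(key)
        if not value:
            problems.append("discovery document has no %s; set %s by hand" % (key, field))
            continue
        # The client secret and tokens are sent to these URLs, so insist on HTTPS.
        # The host may legitimately differ from the issuer's (Google's and
        # Microsoft's userinfo endpoints do), so only the scheme is checked.
        if urlparse(value).scheme != "https":
            problems.append("%s is not https: %s" % (field, value))
        config[field] = value

    # The plugin defaults to the authorization code response type.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("provider does not advertise response_type 'code'")
    config["Response Types Supported"] = "code"

    # The JSON Web Key Set field assumes RS256-signed ID tokens.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("provider does not advertise RS256 ID token signing")

    # Refresh tokens (for oidcRefreshToken) usually need the offline_access scope.
    requested = scope.split()
    if want_refresh and "offline_access" not in requested:
        if "offline_access" in doc.get("scopes_supported", []):
            requested.append("offline_access")
        else:
            problems.append("refresh tokens wanted but provider does not advertise offline_access")
    config["Scope"] = " ".join(requested)
    return config, problems


if __name__ == "__main__":
    issuer = "https://dev-sample123.okta.com"
    print("discovery URL:", discovery_url(issuer))
    cfg, probs = plugin_config_from_discovery(issuer, SAMPLE_DISCOVERY_JSON, want_refresh=True)
    for field, value in cfg.items():
        print("%-30s %s" % (field, value))
    for p in probs:
        print("PROBLEM:", p)
```

Run it as-is to see the Okta sample values laid out field by field; point it at a document you fetched from your own provider (and set want_refresh=True if you enable token saving) to get the values for the Custom fields together with any issuer or scheme problems that should stop you from going live.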


Created by Julieth Last modified by Aadrian on Nov 19, 2024