OIDC
OIDC connections to the CipherTrust Manager can be configured using the following:
Managing OIDC Connections using GUI
OIDC Provider: URL of the host server where an OIDC connection exists.
Client ID: the Application ID of the OIDC application. It is used with the Client Secret to authenticate the application.
Note
The Client ID is a unique field and cannot be updated after the connection is established.
Client Secret: the application password of the Client ID, used to enable communication between OIDC and CipherTrust Manager.
Click Next to move to the next step.
Note
The only product supported for OIDC connection is CTE.
Managing OIDC Connections using ksctl
You can use ksctl to manage OIDC connections to authenticate CTE agents.
Note
OIDC connections to authenticate CipherTrust Manager users are configured outside of connection manager.
The following operations can be performed:
Create/Get/Update/Delete an OIDC connection
List all OIDC connections
Creating an OIDC Connection
To create an OIDC connection, run:
Syntax
Note
The clientid is a unique field and cannot be updated after the connection is established.
Example Request
Example Response
Note
The checksum is a SHA256 checksum value generated from the client_secret and url parameters. It is updated if either of these two parameter values changes.
Getting Details of an OIDC Connection
To get details of an OIDC connection, run:
Syntax
Example Request
Example Response
Updating an OIDC Connection
To update an OIDC connection, run:
Syntax
Example Request
Example Response
Deleting an OIDC Connection
To delete an OIDC connection, run:
Syntax
Example Request 1
If the connection is not currently in use, run:
There will be no response if the OIDC connection is deleted successfully.
Example Request 2
If the connection is in use, run:
There will be no response if the OIDC connection is deleted successfully.
Getting List of OIDC Connections
To list all the OIDC connections, run:
Syntax
Example Request
Example Response