OIDC
OIDC connections to the CipherTrust Data Security Platform Service for CTE agents can be configured using the following:
Managing OIDC Connections using GUI
-
OIDC Provider: URL of the host server where an OIDC connection exists.
-
Client ID: this is an Application ID of the OIDC application. It is used with Client Secret to authenticate the application.
Note
The Client ID is a unique field and cannot be updated after the connection is established.
-
Client Secret: this authentication method uses the application password of the Client ID to enable communication between OIDC and CipherTrust Manager.
Click Next to move to the Add Products screen of the Add Connection wizard.
Managing OIDC Connections using ksctl
You can use ksctl to manage OIDC connections to authenticate CTE agents.
Note
OIDC connections to authenticate CipherTrust Data Security Platform Service users are configured outside of connection manager.
The following operations can be performed:
-
Create/Get/Update/Delete an OIDC connection
-
List all OIDC connections
Creating an OIDC Connection
To create an OIDC connection, run:
Syntax
ksctl connectionmgmt oidc create --name <connection-name> --description <description> --products <products-name> --meta <key:value> --clientid <client-id> --secret <client-secret> --conn-url <URL>
Note
The clientid
is a unique field and cannot be updated after the connection is established.
Example Request
ksctl connectionmgmt oidc create --name oidc-connection --clientid 2cc2d7db155c472fb2484ca4072d1bb3 --secret client_secret --conn-url www.oidc-test-connection.com
Example Response
{
"id": "901c9158-9ea1-4715-a92c-882c4a9828ee",
"uri": "kylo:kylo:connectionmgmt:connections:oidc-connection-901c9158-9ea1-4715-a92c-882c4a9828ee",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-05-16T05:21:20.725493705Z",
"updatedAt": "2022-05-16T05:21:20.723628387Z",
"service": "OIDC",
"category": "IdP",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oidc-connection",
"client_id": "2cc2d7db155c472fb2484ca4072d1bb3",
"url": "www.oidc-test-connection.com",
"checksum": "87de71462a719f4de23cbec7be6e22f5390705a009e0dd0516ddd8be17cad187"
}
Note
The checksum is a SHA256 checksum value generated from the client_secret
and url
parameters. It will be updated if any of these two parameter values get changed.
Getting Details of an OIDC Connection
To get details of an OIDC connection, run:
Syntax
ksctl connectionmgmt oidc get <connection-name/ID>
Example Request
ksctl connectionmgmt oidc get --id 901c9158-9ea1-4715-a92c-882c4a9828ee
Example Response
{
"id": "901c9158-9ea1-4715-a92c-882c4a9828ee",
"uri": "kylo:kylo:connectionmgmt:connections:oidc-connection-901c9158-9ea1-4715-a92c-882c4a9828ee",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-05-16T05:21:20.725494Z",
"updatedAt": "2022-05-16T05:21:20.723628Z",
"service": "OIDC",
"category": "IdP",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oidc-connection",
"client_id": "2cc2d7db155c472fb2484ca4072d1bb3",
"url": "www.oidc-test-connection.com",
"checksum": "87de71462a719f4de23cbec7be6e22f5390705a009e0dd0516ddd8be17cad187"
}
Updating an OIDC Connection
To update an OIDC connection, run:
Syntax
ksctl connectionmgmt oidc modify --id <connection-name/ID> --description <description> --products <products-name> --meta <key:value> --secret <client-secret> --conn-url <URL>
Example Request
ksctl connectionmgmt oidc modify --id 901c9158-9ea1-4715-a92c-882c4a9828ee --conn-url https://new-oidc-url/ --secret new_secret
Example Response
{
"id": "901c9158-9ea1-4715-a92c-882c4a9828ee",
"uri": "kylo:kylo:connectionmgmt:connections:oidc-connection-901c9158-9ea1-4715-a92c-882c4a9828ee",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-05-16T05:21:20.725494Z",
"updatedAt": "2022-05-16T05:29:02.230980966Z",
"service": "OIDC",
"category": "IdP",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oidc-connection",
"client_id": "2cc2d7db155c472fb2484ca4072d1bb3",
"url": "https://new-oidc-url/",
"checksum": "6277c08784599bda9d4ccb0c6b0c9ed87b6f5add00c3babc2858a290cdc70523"
}
Deleting an OIDC Connection
To delete an OIDC connection, run:
Syntax
ksctl connectionmgmt oidc delete --id <connection-name/Id> --force
Example Request 1
If connection is not being used currently, run;
ksctl connectionmgmt oidc delete --id 901c9158-9ea1-4715-a92c-882c4a9828ee
There will be no response if the OIDC connection is deleted successfully.
Example Request 2
If connection is in-use, run:
ksctl connectionmgmt oidc delete --id 901c9158-9ea1-4715-a92c-882c4a9828ee --force
There will be no response if the OIDC connection is deleted successfully.
Getting List of OIDC Connections
To list all the OIDC connections, run:
Syntax
ksctl connectionmgmt oidc list
Example Request
ksctl connectionmgmt oidc list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "901c9158-9ea1-4715-a92c-882c4a9828ee",
"uri": "kylo:kylo:connectionmgmt:connections:oidc-connection-901c9158-9ea1-4715-a92c-882c4a9828ee",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-05-16T05:21:20.725494Z",
"updatedAt": "2022-05-16T05:21:20.723628Z",
"service": "OIDC",
"category": "IdP",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oidc-connection",
"client_id": "2cc2d7db155c472fb2484ca4072d1bb3",
"url": "www.oidc-test-connection.com"
}
]
}