OpenID Connect

Introduction

Trustelem supports authorization code and implicit flows, as well as the OpenID Connect Discovery 1.1 standard.

If your application supports the discovery standard

You need to configure the application with the following settings:

  • ClientID
  • ClientSecret
  • Issuer
  • Metadata URL (if required)

If your application does not support the discovery standard

Additional parameters are necessary:

  • Authorize endpoint
  • Token endpoint
  • User Info endpoint
  • JWKS

Note

  • RedirectURI: this URL has to be the same as the one defined in the application. For example, the URL could be: https://myapplication.tld/redirect_uri

  • Login URL: the application’s URL that starts the OIDC flow. It is used as the link target for the application on the Trustelem user’s dashboard. For example, the URL could be: https://myapplication.tld/sso-login

  • For logging out users from inside the application, you have to associate a logout URL with an HTML element such as a button or a link. This URL is the redirect_uri with a logout= parameter whose value is the post-logout URL in URL-encoded form. For example, the logout URL could be: https://myapplication.tld/redirect_uri?logout=https%3A%2F%2Fmyapplication.tld

  • PostLogoutRedirectURI: the URL that indicates where to go after a logout. It is usually defined in the logout HTML element of your application. With the previous logout example, the PostLogout URL would be: https://myapplication.tld
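The following is an added example, not Trustelem code or part of the original page. It shows the two pieces of plumbing described above: deriving the four manually entered endpoints from a discovery document (while checking that its issuer matches the configured Issuer), and building the logout URL with the URL-encoded post-logout target, then validating that target against an exact-match allowlist so the logout parameter cannot be abused as an open redirect. The discovery document, hostnames and function names are constructed for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed discovery document in the shape of an OpenID Connect Discovery
# response (normally fetched from <issuer>/.well-known/openid-configuration).
DISCOVERY_DOC = json.dumps({
    "issuer": "https://idp.example.tld",
    "authorization_endpoint": "https://idp.example.tld/authorize",
    "token_endpoint": "https://idp.example.tld/token",
    "userinfo_endpoint": "https://idp.example.tld/userinfo",
    "jwks_uri": "https://idp.example.tld/jwks",
})


def issuer_matches(discovery_json: str, configured_issuer: str) -> bool:
    """Discovery requires the document's issuer to equal the configured Issuer."""
    return json.loads(discovery_json).get("issuer") == configured_issuer


def manual_settings(discovery_json: str, configured_issuer: str) -> dict:
    """Return the four values to enter when the app does not support discovery."""
    if not issuer_matches(discovery_json, configured_issuer):
        raise ValueError("issuer in discovery document does not match configured Issuer")
    doc = json.loads(discovery_json)
    return {
        "authorize_endpoint": doc["authorization_endpoint"],
        "token_endpoint": doc["token_endpoint"],
        "userinfo_endpoint": doc["userinfo_endpoint"],
        "jwks": doc["jwks_uri"],
    }


def build_logout_url(redirect_uri: str, post_logout_uri: str) -> str:
    """redirect_uri plus a logout= parameter carrying the URL-encoded target."""
    return redirect_uri + "?" + urlencode({"logout": post_logout_uri})


def is_allowed_post_logout(logout_url: str, allowed: set) -> bool:
    """Accept only an exact allowlist match; never a prefix or substring test."""
    query = parse_qs(urlsplit(logout_url).query)
    target = query.get("logout", [None])[0]
    return target in allowed


if __name__ == "__main__":
    url = build_logout_url("https://myapplication.tld/redirect_uri", "https://myapplication.tld")
    print(url)
    print(is_allowed_post_logout(url, {"https://myapplication.tld"}))
```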