OpenID Connect

Introduction

Trustelem supports authorization code and implicit flows, as well as the OpenID Connect Discovery 1.1 standard.

If your application supports the discovery standard

You need to configure the application with the following settings:

  • ClientID

    trustelem.oidc.gi2dXXXX

  • ClientSecret

    kmzHGEKEKFH51r0xXXXXXXXXXXXXX

  • Issuer

    https://mycompany.trustelem.com/app/150XXX

  • Metadata URL (if required)

    https://mycompany.trustelem.com/app/150XXX/.well-known/openid-configuration
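As an added example (not Trustelem's code or documentation), the following Go program shows what a relying party should do with the metadata URL above: derive it from the configured Issuer, parse the document, and refuse it unless its "issuer" field equals the configured Issuer and every endpoint is an https URL on the issuer's host. The sample document is constructed from the endpoint URLs given on this page; the jwks_uri value is an assumed placeholder, since the page does not show that field.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Discovery holds the provider-metadata fields this example consumes.
type Discovery struct {
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	UserinfoEndpoint      string `json:"userinfo_endpoint"`
	JwksURI               string `json:"jwks_uri"`
}

// SampleDiscovery is a constructed metadata document built from the endpoint URLs on the page.
// The jwks_uri path is an assumed placeholder; the page does not show that field.
const SampleDiscovery = `{
  "issuer": "https://mycompany.trustelem.com/app/150XXX",
  "authorization_endpoint": "https://mycompany.trustelem.com/app/150XXX/auth",
  "token_endpoint": "https://mycompany.trustelem.com/app/150XXX/token",
  "userinfo_endpoint": "https://mycompany.trustelem.com/app/150XXX/userinfo",
  "jwks_uri": "https://mycompany.trustelem.com/app/150XXX/JWKS_PATH_PLACEHOLDER"
}`

// MetadataURL derives the discovery URL from the configured Issuer, as shown on the page.
func MetadataURL(issuer string) string {
	return strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
}

// ParseDiscovery parses the document and rejects it unless "issuer" equals the Issuer we
// configured (the check that keeps a relying party from being steered to another provider's
// endpoints) and every endpoint is an https URL on the issuer's host. A missing endpoint
// parses as an empty URL and is rejected by the scheme check.
func ParseDiscovery(body []byte, configuredIssuer string) (*Discovery, error) {
	var d Discovery
	if err := json.Unmarshal(body, &d); err != nil {
		return nil, fmt.Errorf("invalid metadata: %w", err)
	}
	if d.Issuer != configuredIssuer {
		return nil, fmt.Errorf("issuer mismatch: document says %q, configured %q", d.Issuer, configuredIssuer)
	}
	iss, err := url.Parse(configuredIssuer)
	if err != nil {
		return nil, err
	}
	endpoints := map[string]string{
		"authorization": d.AuthorizationEndpoint,
		"token":         d.TokenEndpoint,
		"userinfo":      d.UserinfoEndpoint,
		"jwks":          d.JwksURI,
	}
	for name, ep := range endpoints {
		u, err := url.Parse(ep)
		if err != nil || u.Scheme != "https" || u.Host != iss.Host {
			return nil, fmt.Errorf("%s endpoint %q is not an https URL on %s", name, ep, iss.Host)
		}
	}
	return &d, nil
}

func main() {
	const issuer = "https://mycompany.trustelem.com/app/150XXX"
	fmt.Println("metadata URL:", MetadataURL(issuer))
	d, err := ParseDiscovery([]byte(SampleDiscovery), issuer)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println("token endpoint:", d.TokenEndpoint)
}
```

The same-host rule is a local policy that matches the layout on this page, where every endpoint sits under the application's issuer URL; the issuer equality check is the one the discovery standard itself requires.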

If your application does not support the discovery standard

Additional parameters are necessary:

  • Authorize endpoint

    https://mycompany.trustelem.com/app/150XXX/auth

  • Token endpoint

    https://mycompany.trustelem.com/app/150XXX/token

  • User Info endpoint

    https://mycompany.trustelem.com/app/150XXX/userinfo

  • JWKS

    {"keys":[{"kty":"RSA","use":"sig","kid":"150XXX","alg":"RS256","n":"XXX…XXX","e":"AQAB"}]}
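The JWKS above is what the application uses to check the signature on the ID token it receives. As an added example (not Trustelem's code), this Go program publishes a key in exactly that JSON shape, signs a constructed ID token with it to stand in for the token endpoint, and then verifies the token the way a relying party should: select the key by kid, accept only RS256, verify the RSA signature over the header and payload, and check iss, aud and exp against the configured Issuer and ClientID. The key is generated locally; the claim values are taken from the placeholders on this page; aud is handled in its string form (an assumption, since the JWT format also allows an array).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWKS and JWK mirror the document shown on the page.
type JWKS struct {
	Keys []JWK `json:"keys"`
}
type JWK struct {
	Kty, Use, Kid, Alg, N, E string
}

// Claims are the ID token claims validated here (aud assumed to be a single string).
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding // JOSE uses unpadded base64url throughout

// publicKeyFromJWK rebuilds the RSA public key from the base64url-encoded n and e.
func publicKeyFromJWK(k JWK) (*rsa.PublicKey, error) {
	if k.Kty != "RSA" {
		return nil, errors.New("unsupported kty")
	}
	nb, err := b64.DecodeString(k.N)
	if err != nil {
		return nil, err
	}
	eb, err := b64.DecodeString(k.E)
	if err != nil {
		return nil, err
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}, nil
}

// VerifyIDToken checks the RS256 signature (key chosen by kid) and the iss, aud and exp claims.
func VerifyIDToken(token string, jwks JWKS, issuer, clientID string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrBytes, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(hdrBytes, &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" { // never let the token pick the algorithm ("none", HMAC, ...)
		return nil, errors.New("alg must be RS256")
	}
	var key *JWK
	for i := range jwks.Keys {
		if jwks.Keys[i].Kid == hdr.Kid && jwks.Keys[i].Use == "sig" {
			key = &jwks.Keys[i]
		}
	}
	if key == nil {
		return nil, errors.New("no signing key with that kid")
	}
	pub, err := publicKeyFromJWK(*key)
	if err != nil {
		return nil, err
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature does not verify")
	}
	payload, err := b64.DecodeString(parts[1]) // decode claims only after the signature holds
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	if c.Iss != issuer {
		return nil, errors.New("issuer mismatch")
	}
	if c.Aud != clientID {
		return nil, errors.New("token was issued to another client")
	}
	if c.Exp <= now.Unix() {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// JWKSFor publishes the key pair's public half in the format shown on the page (stand-in for Trustelem's JWKS).
func JWKSFor(priv *rsa.PrivateKey, kid string) JWKS {
	return JWKS{Keys: []JWK{{Kty: "RSA", Use: "sig", Kid: kid, Alg: "RS256",
		N: b64.EncodeToString(priv.N.Bytes()), E: b64.EncodeToString(big.NewInt(int64(priv.E)).Bytes())}}}
}

// SignIDToken produces an RS256 JWS; it stands in for the token endpoint in this example.
func SignIDToken(priv *rsa.PrivateKey, kid string, c Claims) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	payload, _ := json.Marshal(c)
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return signingInput + "." + b64.EncodeToString(sig)
}

func main() {
	const issuer, clientID = "https://mycompany.trustelem.com/app/150XXX", "trustelem.oidc.gi2dXXXX"
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	now := time.Now()
	tok := SignIDToken(priv, "150XXX", Claims{Iss: issuer, Aud: clientID, Sub: "alice", Exp: now.Unix() + 300})
	c, err := VerifyIDToken(tok, JWKSFor(priv, "150XXX"), issuer, clientID, now)
	fmt.Println(c, err)
}
```

The order matters: the algorithm and key are fixed by the relying party's configuration before the signature is checked, and the claims are read only after the signature holds, so an unsigned or re-signed payload never reaches the claim checks.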

Note

  • RedirectURI: this URL has to be the same as the one defined in the application.
    For example, the URL could be: https://myapplication.tld/redirect_uri

  • Login URL: the application's URL that starts the OIDC flow. It is used as the link target for the application on the Trustelem user dashboard.
    For example, the URL could be: https://myapplication.tld/sso-login

  • To log users out from inside the application, associate a logout URL with an HTML element such as a button or a link.
    This URL is the redirect_uri with a logout= parameter whose value is the post-logout URL in URL-encoded form.
    For example, the logout URL could be: https://myapplication.tld/redirect_uri?logout=https%3A%2F%2Fmyapplication.tld

  • PostLogoutRedirectURI: the URL to go to after a logout. It is usually set in the logout HTML element of your application.
    With the previous logout example, the PostLogoutRedirectURI would be: https://myapplication.tld
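As an added example (not Trustelem's code), the following Go functions build the logout URL described above and read the logout= parameter back out of such a URL. Both sides check the post-logout target against the list of PostLogoutRedirectURIs registered for the application, so that the parameter can only ever send a user to a URL you configured; the registered list and the URLs are the placeholders from this page.

```go
package main

import (
	"fmt"
	"net/url"
)

// isRegistered performs an exact match against the configured PostLogoutRedirectURIs;
// prefix or substring matching would let unrelated targets through.
func isRegistered(target string, registered []string) bool {
	for _, r := range registered {
		if r == target {
			return true
		}
	}
	return false
}

// BuildLogoutURL returns "<redirectURI>?logout=<url-encoded postLogout>", as the page describes.
func BuildLogoutURL(redirectURI, postLogout string, registered []string) (string, error) {
	if !isRegistered(postLogout, registered) {
		return "", fmt.Errorf("post-logout target %q is not a registered PostLogoutRedirectURI", postLogout)
	}
	u, err := url.Parse(redirectURI)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("logout", postLogout) // Encode() percent-encodes ':' and '/' as in the page's example
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// ParseLogoutTarget extracts and validates the logout= parameter from a request to the redirect_uri.
func ParseLogoutTarget(requestURL string, registered []string) (string, error) {
	u, err := url.Parse(requestURL)
	if err != nil {
		return "", err
	}
	target := u.Query().Get("logout") // Query() decodes the percent-encoding
	if target == "" {
		return "", fmt.Errorf("no logout parameter")
	}
	if !isRegistered(target, registered) {
		return "", fmt.Errorf("post-logout target %q is not registered", target)
	}
	return target, nil
}

func main() {
	registered := []string{"https://myapplication.tld"}
	logoutURL, err := BuildLogoutURL("https://myapplication.tld/redirect_uri", "https://myapplication.tld", registered)
	fmt.Println(logoutURL, err)
	fmt.Println(ParseLogoutTarget(logoutURL, registered))
}
```

The first call produces https://myapplication.tld/redirect_uri?logout=https%3A%2F%2Fmyapplication.tld, which is the logout URL given above; an unregistered target is refused on both the building and the parsing side.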