Commit 0449d6

2024-08-20 19:58:08 Hargata Softworks: z
openid.md ..
@@ 11,6 11,7 @@
OpenIDConfig__RedirectURL=https://<yourlubeloggerdomain.com>/Login/RemoteAuth(must be HTTPS)
OpenIDConfig__Scope=The scope for retrieving the user's email claim(usually it's just 'email')
OpenIDConfig__ValidateState=true/false(default: false) - whether LubeLogger should validate state.
+ OpenIDConfig__UsePKCE=true/false(default: false) - whether LubeLogger should use PKCE
OpenIDConfig__DisableRegularLogin=true/false(default: false) - auto re-direct user to OIDC login.
OpenIDConfig__LogOutURL=Log Out URL for OIDC Provider, required if DisableRegularLogin=true.
```
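Review bot: The added OpenIDConfig__UsePKCE line in this variable list says only "whether LubeLogger should use PKCE", which gives an operator no idea what the provider has to support before turning it on. The section added further down says LubeLogger sends a SHA-256-hashed challenge code, so this line could say the same in a few words, for example "whether LubeLogger should send a SHA-256 PKCE challenge to the provider", or point to the PKCE section by name.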
@@ 27,6 28,7 @@
"RedirectURL": "",
"Scope": "",
"ValidateState": true/false,
+ "UsePKCE": true/false,
"DisableRegularLogin": true/false,
"LogOutURL": ""
}
@@ 43,12 45,16 @@
OpenIDConfig__RedirectURL=https://localhost:5011/Login/RemoteAuth
OpenIDConfig__Scope=email
OpenIDConfig__ValidateState=true
+ OpenIDConfig__UsePKCE=false
OpenIDConfig__DisableRegularLogin=false
```
## State Validation
The ValidateState environment variable determines if LubeLogger should validate the state token echoed back by the OIDC provider. This is set to false by default, if enabled, LubeLogger will fail any login attempts where the state token is not identical to what it sent to the provider. Leave this disabled if you wish to have IdP-initiated SSO.
+ ## Proof of KeyCode Exchange(PKCE)
+ The UsePKCE environment variable determines if LubeLogger should generate and pass in a SHA-256-hashed challenge code to the OIDC provider.
+
## Testing
Once you have all these environment variables injected correctly, you should see the ability to login via your OIDC provider. Note: Currently LubeLogger only supports one OIDC provider.
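Review bot: The new heading "Proof of KeyCode Exchange(PKCE)" misnames the mechanism; PKCE stands for Proof Key for Code Exchange, so the heading should read "## Proof Key for Code Exchange (PKCE)". The paragraph under it also stops short of what the State Validation section above it provides: it does not repeat that the setting defaults to false, and it gives no guidance on when to enable it or what happens to a login if the provider does not accept the challenge. A sentence covering the default and the provider requirement would help, and since the sample block in this hunk sets OpenIDConfig__UsePKCE=false, it would be worth saying whether that is the recommended value or only the default. The trailing empty "+" line after the paragraph can be dropped if a blank line before "## Testing" is not intended.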