
Cloud Access Manager 8.1.2 - How To Develop OpenID Connect Apps

OpenID® Connect discovery

The optional OpenID Connect Discovery specification (available online at http://openid.net/specs/openid-connect-discovery-1_0.html) defines how Relying Parties can automatically query the End-User's OpenID Provider for information needed to interact with it, including its OAuth 2.0 endpoint locations. Dell™ One Identity Cloud Access Manager does not provide this facility.
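
As an added example (not from the Cloud Access Manager documentation or product), the sketch below shows how a relying party can validate a discovery document when a provider publishes one, and fall back to statically configured endpoints when the provider does not offer discovery. All hostnames and endpoint paths are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(issuer):
    """Location of the provider metadata document for an issuer (Discovery 1.0)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def _check_endpoints(source, endpoints):
    """Require every endpoint to be present and an absolute https URL."""
    checked = {}
    for key in ENDPOINT_KEYS:
        url = endpoints.get(key)
        parts = urlsplit(url) if isinstance(url, str) else None
        if parts is None or parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{source}: {key} missing or not an https URL")
        checked[key] = url
    return checked

def validate_metadata(issuer, doc):
    """Validate a fetched discovery document before trusting its endpoints."""
    # The spec requires the returned issuer to be identical to the one queried;
    # a mismatch means the document describes some other provider.
    if doc.get("issuer") != issuer:
        raise ValueError("discovery: issuer does not match the configured issuer")
    return _check_endpoints("discovery", doc)

def resolve_endpoints(issuer, discovered=None, static=None):
    """Use discovery metadata when the provider publishes it, else static config."""
    if discovered is not None:
        return validate_metadata(issuer, discovered)
    if static is None:
        raise ValueError("no discovery document and no static endpoint configuration")
    return _check_endpoints("static", static)

# Constructed sample values; hostnames and paths are placeholders, not real CAM endpoints.
ISSUER = "https://op.example.com"
DISCOVERED = {"issuer": ISSUER,
              "authorization_endpoint": "https://op.example.com/authorize",
              "token_endpoint": "https://op.example.com/token",
              "jwks_uri": "https://op.example.com/jwks"}
STATIC = {"authorization_endpoint": "https://cam.example.com/PLACEHOLDER/authorize",
          "token_endpoint": "https://cam.example.com/PLACEHOLDER/token",
          "jwks_uri": "https://cam.example.com/PLACEHOLDER/jwks"}

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(resolve_endpoints(ISSUER, discovered=DISCOVERED))
    print(resolve_endpoints("https://cam.example.com", static=STATIC))
```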

When would you use OAuth v2.0 and OpenID® Connect?

The purpose of the OAuth v2.0 framework is to allow client applications to gain authorization to access information held on a resource server with the permission of the owner, without the client needing to know the owner’s password. The key difference between it and other federation protocols such as SAML or WS-Federation is that the request for access can be limited to a single resource or a group of resources (rather than an entire web application) and the resource owner is invited to approve the access request.

While OAuth v2.0 can be used to provide the framework for authentication and authorization to any web application, it has become the de facto standard for mobile apps which communicate with an on-line resource server.

In summary, there are three main use cases in which you would consider using OAuth v2.0 or OpenID Connect to provide authentication and authorization services from Dell™ One Identity Cloud Access Manager:

Cloud Access Manager supports both OAuth v2.0 and OpenID Connect applications through the same back-end SSO method.

Using the OpenID® Connect Flow Test Tool

The OpenID Connect Flow Test Tool allows you to invoke Dell™ One Identity Cloud Access Manager OpenID Connect calls, just as an application would. This can help your understanding of Cloud Access Manager’s implementation of OpenID Connect and be used as a diagnostic tool when developing your own application.

To get started with the OpenID® Connect Flow Test Tool, follow the steps below. Ensure that you have already set up a front-end authenticator in Cloud Access Manager to authenticate a test user:

Client machine

2. From your Cloud Access Manager installation media, open the Tools folder and extract the OIDCFlowTestTool.zip to a suitable location on a machine.
3. Run OIDCFlowTestTool.exe in the extracted folder. This will open a Windows application.
4. In the CAM Proxy Hostname field, supply the hostname of your Cloud Access Manager proxy.