Configure OpenID Connect authentication using a confidential client - Perceptive AP Invoice Approval 2.8

Perceptive AP Invoice Approval User Guide


Confidential clients are generally preferred. Refer to your organization’s security policies to determine which type of client to use.

To enable OpenID Connect for Perceptive Experience using a confidential client, complete the following steps.

Prerequisite

You must configure the Integration Server for OpenID Connect and create a new OpenID Connect profile for each instance of Perceptive Experience that authenticates with OIDC.

Note: For Integration Server configuration instructions, refer to the Perceptive Integration Server Installation and Setup Guide.

  1. Configure the Integration Server profile with the following redirect URIs:
    • sso.openid.profile.<loginProfile>.post.login.redirect.uri=https://<experience-server>:<port>/<path-to-experience>/#oidc/callback
    • sso.openid.profile.<loginProfile>.error.redirect.uri=https://<experience-server>:<port>/<path-to-experience>/#oidc/callback?error={error}
  2. Stop the web application servers hosting Perceptive Experience and Integration Server.
  3. Navigate to the root folder of the installation directory for Perceptive Experience.
  4. Open the config.json configuration file in a text editor. The default location for the Perceptive Experience configuration file is [drive:]\Program Files\Apache Software Foundation\[Tomcat Installation]\webapps\<subdirectory>.
  5. Add the clientSession parameter to specify the server connection. The valid entry for OIDC with a confidential client is lesrdl-content-integrationserver:OidcClientSession.
  6. Optional. Add the logoutRedirect parameter to specify the logout URL to redirect users to after logging out of Perceptive Experience.
  7. Add the openIdProfile parameter to specify the profile name defined when configuring the integrationserver.ini.
    Example:
    "framework-core": {
      "clientSession": "lesrdl-content-integrationserver:OidcClientSession",
      "loggingMethod": "Console"
    },
    "lesrdl-content-integrationserver": {
      "openIdProfile": "default"
    }
    Note: When adding parameters to the config.json file, add a comma between each parameter.
  8. Save the config.json configuration file and close the text editor.
  9. Restart the web application servers.
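
A pre-restart check for steps 5 to 7, added here as an example and not part of the product or its documentation: it parses the config.json text, confirms the confidential-client clientSession value and a non-empty openIdProfile, and builds the two redirect URI settings from step 1 for comparison with the Integration Server profile. It assumes the <loginProfile> placeholder is the same name as openIdProfile; the function names, base URL and sample files are constructed for illustration.

```python
import json

# Step 5 value for OIDC with a confidential client.
CONFIDENTIAL_SESSION = "lesrdl-content-integrationserver:OidcClientSession"

def _section(cfg, name):
    """Return the named config section, or {} if absent or not an object."""
    value = cfg.get(name) if isinstance(cfg, dict) else None
    return value if isinstance(value, dict) else {}

def check_config(text):
    """Return (problems, profile) for the text of a config.json file."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A missing comma between parameters is reported here.
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"], None
    problems = []
    session = _section(cfg, "framework-core").get("clientSession")
    if session != CONFIDENTIAL_SESSION:
        problems.append(f"clientSession is {session!r}, expected {CONFIDENTIAL_SESSION!r}")
    profile = _section(cfg, "lesrdl-content-integrationserver").get("openIdProfile")
    if not isinstance(profile, str) or not profile.strip():
        problems.append("openIdProfile is missing or empty")
        profile = None
    return problems, profile

def expected_redirect_lines(profile, base_url):
    """Build the two step 1 redirect URI settings (assumes <loginProfile> == openIdProfile)."""
    base = base_url.rstrip("/")
    prefix = f"sso.openid.profile.{profile}."
    return [
        f"{prefix}post.login.redirect.uri={base}/#oidc/callback",
        f"{prefix}error.redirect.uri={base}/#oidc/callback?error={{error}}",
    ]

# Constructed samples: a valid file, one missing a comma, one with a mistyped session.
GOOD = """{
  "framework-core": {"clientSession": "lesrdl-content-integrationserver:OidcClientSession",
                     "loggingMethod": "Console"},
  "lesrdl-content-integrationserver": {"openIdProfile": "default"}
}"""
MISSING_COMMA = GOOD.replace('"Console"},', '"Console"}')
WRONG_SESSION = GOOD.replace("content-integrationserver:Oidc", "contentintegrationserver:Oidc")

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("missing comma", MISSING_COMMA), ("wrong session", WRONG_SESSION)]:
        print(name, check_config(text))
    # Hypothetical Experience base URL, for illustration only.
    print("\n".join(expected_redirect_lines("default", "https://experience.example.test:8443/experience")))
```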