OpenID Connect Provider Configuration

This document describes the configuration that must be done on the Identity Provider which is configured in the system in order to enable users to authenticate through the Touch Apps Server and the different Touch Apps.

Please refer to How to access IFS Applications from the Internet for the steps that must be followed to allow external access to the Authentication Provider end point of the IFS Middleware Server if using DB Authentication.

Contents

Related documents

Redirect URIs

Additional Redirect URIs must be registered for the Touch Apps Server and also for the different Touch Apps

 

Touch Apps Customer Portal

The Touch Apps Customer Portal uses the Redirect URI <External-URL>/Token.aspx. This redirect URI must be configured in the Identity Provider used in the system. <External-URL> here is the value specified in the IIS page of the installer.

 

Touch Apps

Touch Apps that support OpenID Connect authentication also have their own Redirect URIs. This will typically be of the format ifs-app.com.ifsworld.#uniqueAppName#://app. These redirect URIs must be configured in the Identity Provider used in the system. Consult the documentation for the specific apps for the exact redirect URI that must be registered for each Touch App.

NOTE: Redirect URI configuration is not required for Android Touch Apps which use Account Manager for user authentication. For such apps only the Redirect URI of the Account Manager app needs to be configured.

NOTE: Depending on the SSL certificate used by the application server it may be necessary to install the certificate on the Touch Apps server to establish proper communication with the application server. This is needed in situations where the application server uses a SSL certificate that is not issued by a well known certificate authority.

 

Please refer to Authentication configurations for the exact steps that must be followed to setup these redirect URIs on the identity provider that is being used in your system.