Inventu Viewer+ Configuration Management

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Save Permalink URL

Navigation: Configuration Web Page (Admin.html) > Web Server Tab > Security > OAuth2 OpenID Connect Security

OpenID Connect General Configuration Notes

A typical workflow when adding a new application like FVTerm with your identity provider will include a first step of "adding a new application"--how that works will be different with each provider.

Required by Provider: Redirect URIs / Callback URLs

Providers generally require that you provide valid "Callback" or "Redirection" URIs so that following authentication, the user can be shown the connection page or auto-connected host session in the Inventu Viewer FVTerm web page.

To keep things simple, the following URIs will ensure that you have defined what is needed. These also assume that you will set OpenID Connect Redirect URI Method to "Redirection URI Auto-Detected and Lower-Cased (recommended)" -- "myfvterm.myorganization.com" should be the qualified domain for your server.

FVTerm is the Default Application in IIS:

http://localhost/oidcacs.aspx (for access on server)

https://myfvterm/oidcacs.aspx (for access on local area network)

https://myfvterm.myorganization.com/oidcacs.aspx (for access anywhere)

FVTerm is NOT the Default Application in IIS:

http://localhost/fvterm/oidcacs.aspx (for access on server)

https://myfvterm/fvterm/oidcacs.aspx (for access on local area network)

https://myfvterm.myorganization.com/fvterm/oidcacs.aspx (for access anywhere)

After creating the application, you will need to find the following settings, which may have different labels or descriptions depending on the provider:

•OpenID Connect Issuer URL for Authenticating -- this is the base URL or Domain -- some providers will include "https://" while others will only have the domain

•OpenID Connect ClientID -- this should be an easy text string to find in our provider's setting for your application

•OpenID Connect Client Secret -- Might be hidden like a password, but you will need to copy and paste to the Inventu Viewer settings.

•OpenID Connect Discovery URIs Supported -- Does your provider support well-known discovery URI's ? If not, the following two settings will be needed

•OpenID Connect Authorization Endpoint -- Needed if Discovery is not supported

•OpenID Connect Token Endpoint -- Needed if Discover is not supported

If you are able to set a "Token Endpoint Authentication Method" select Post (application uses HTTP Post during authentication).

Note: in following example URI's, the "fvterm.mydomain.com" is a simple example and you should subsitute the DNS name of your FVTerm server or cluster accordingly!

No Login URI is required, but if your environment includes the ability to add links to the FVTerm application, you can use the base URL like https://fvterm.mydomain.com/ if you have made FVTerm the default folder/application in IIS or https://fvterm.mydomain.com/fvterm if FVTerm is not the default folder. If for some reason you need this, the URI would be:

https://fvterm.mydomain.com/fvterm/OIDCAcs.aspx?needAuth=yes

No Logout URI is supported at this time.