config user oidc
Configure OpenID Connect servers.
config user oidc
Description: Configure OpenID Connect servers.
edit <name>
set display-name {string}
set icon-url {string}
set type [discovery|manual]
set client-id {string}
set auth-type [client-secret|private-key]
set auth-method [client_secret_basic|client_secret_post|...]
set client-secret {string}
set private-key {string}
set verify-cert [enable|disable]
set discovery-url {string}
set authorization-url {string}
set token-url {string}
set jwks-uri {string}
set domain-hint {string}
set issuer {string}
set verify-issuer [enable|disable]
set user-attr-name [email|sub|...]
set user-regex {string}
set group-attr-name {string}
set ldap-server <name1>, <name2>, ...
set clock-tolerance {integer}
next
end
config user oidc
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
name |
OpenID Connect server entry name. |
string |
Maximum length: 35 |
|
||||||||
|
display-name |
Display name. Used in OpenID Connect landing page. |
string |
Maximum length: 35 |
|
||||||||
|
icon-url |
Icon URL. Used in OpenID Connect landing page. |
string |
Maximum length: 255 |
|
||||||||
|
type |
Type of OpenID Connect config. |
option |
- |
discovery |
||||||||
|
|
|
|||||||||||
|
client-id |
OpenID Connect server client ID. |
string |
Maximum length: 127 |
|
||||||||
|
auth-type |
Authentication Type of OpenID Connect config. |
option |
- |
client-secret |
||||||||
|
|
|
|||||||||||
|
auth-method |
Client Authentication method for Token Endpoint. |
option |
- |
client_secret_basic |
||||||||
|
|
|
|||||||||||
|
client-secret |
OpenID Connect server client secret. |
string |
Maximum length: 255 |
|
||||||||
|
private-key |
OpenID Connect server RSA private key. |
string |
Maximum length: 35 |
|
||||||||
|
verify-cert |
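Enable/disable verification of the OpenID Connect server's certificate (default = enable). With verification disabled, the identity of the server behind the configured URLs is not checked. |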
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
discovery-url |
OpenID Connect server discovery URL. |
string |
Maximum length: 255 |
|
||||||||
|
authorization-url |
OpenID Connect server authorization URL. |
string |
Maximum length: 255 |
|
||||||||
|
token-url |
OpenID Connect server token URL. |
string |
Maximum length: 255 |
|
||||||||
|
jwks-uri |
URL of the OpenID Provider's (OP's) JWK Set document. |
string |
Maximum length: 255 |
|
||||||||
|
domain-hint |
Domain Hint. |
string |
Maximum length: 255 |
|
||||||||
|
issuer |
OpenID Connect server issuer. |
string |
Maximum length: 255 |
|
||||||||
|
verify-issuer |
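Enable/disable verification of the issuer in the ID token (default = enable). When disabled, an ID token is not rejected on the basis of its issuer. |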
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
user-attr-name |
Field (claim) in the ID token that is used as the username. |
option |
- |
|
||||||||
|
|
|
|||||||||||
|
user-regex |
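Regular expression that the username must match (case insensitive). This page does not state whether the match is anchored, so write the pattern with explicit ^ and $ when the whole username must match. |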
string |
Maximum length: 255 |
|
||||||||
|
group-attr-name |
Field (claim) in the ID token that contains the group names. |
string |
Maximum length: 63 |
|
||||||||
|
ldap-server |
LDAP server name(s). |
string |
Maximum length: 79 |
|
||||||||
|
clock-tolerance |
Clock skew tolerance in seconds (0 - 300, default = 15, 0 = no tolerance). |
integer |
Minimum value: 0 Maximum value: 300 |
15 |
||||||||