CLI Reference

config user oidc

Configure OpenID Connect servers.

config user oidc
    Description: Configure OpenID Connect servers.
    edit <name>
        set display-name {string}
        set icon-url {string}
        set type [discovery|manual]
        set client-id {string}
        set auth-type [client-secret|private-key]
        set auth-method [client_secret_basic|client_secret_post|...]
        set client-secret {string}
        set private-key {string}
        set verify-cert [enable|disable]
        set discovery-url {string}
        set authorization-url {string}
        set token-url {string}
        set jwks-uri {string}
        set domain-hint {string}
        set issuer {string}
        set verify-issuer [enable|disable]
        set user-attr-name [email|sub|...]
        set user-regex {string}
        set group-attr-name {string}
        set ldap-server <name1>, <name2>, ...
        set clock-tolerance {integer}
    next
end

config user oidc

Parameters. Each entry lists the parameter, its description, then Type, Size and Default where they apply ("-" means no size or default applies).

name
    OpenID Connect server entry name.
    Type: string. Maximum length: 35.

display-name
    Display name shown on the OpenID Connect landing page.
    Type: string. Maximum length: 35.

icon-url
    URL of the icon shown on the OpenID Connect landing page.
    Type: string. Maximum length: 255.

type
    How the OpenID Connect provider configuration is obtained.
    Type: option. Size: -. Default: discovery.
        discovery    Fetch the provider configuration from discovery-url.
        manual       Use the manually configured authorization-url, token-url and jwks-uri.

client-id
    Client ID registered with the OpenID Connect provider.
    Type: string. Maximum length: 127.

auth-type
    Credential type used to authenticate this client to the provider.
    Type: option. Size: -. Default: client-secret.
        client-secret    Authenticate with a client secret (see client-secret).
        private-key      Authenticate with an RSA private key (see private-key), as the private_key_jwt auth-method requires.

auth-method
    Client authentication method used at the token endpoint.
    Type: option. Size: -. Default: client_secret_basic.
        client_secret_basic    Send the client ID and secret in an HTTP Basic Authorization header.
        client_secret_post     Send the client ID and secret as parameters in the request body.
        private_key_jwt        Send a client assertion: a JWT signed with the RSA private key (JWT profile for OAuth 2.0 client authentication, RFC 7523).
    The two client_secret methods transmit the shared secret on every token request; private_key_jwt never sends the key itself.

client-secret
    Client secret issued by the OpenID Connect provider. Used with auth-type client-secret.
    Type: string. Maximum length: 255.

private-key
    RSA private key used to sign the client assertion. Used with auth-type private-key.
    Type: string. Maximum length: 35.

verify-cert
    Enable/disable verification of the provider's TLS certificate (default = enable).
    Type: option. Size: -. Default: enable.
        enable     Verify the certificate (default).
        disable    Do not verify the certificate. With verification off, anyone on the path to the discovery, token or JWKS endpoint can impersonate the provider, so leave this enabled outside of lab testing.

discovery-url
    URL of the provider's discovery document (normally .../.well-known/openid-configuration). Used when type is discovery.
    Type: string. Maximum length: 255.

authorization-url
    Provider authorization endpoint URL. Used when type is manual.
    Type: string. Maximum length: 255.

token-url
    Provider token endpoint URL. Used when type is manual.
    Type: string. Maximum length: 255.

jwks-uri
    URL of the OP's JWK Set document, from which the keys that verify ID token signatures are fetched. Used when type is manual.
    Type: string. Maximum length: 255.

domain-hint
    Domain hint passed to the provider in the authorization request.
    Type: string. Maximum length: 255.

issuer
    Expected value of the iss claim in the ID token.
    Type: string. Maximum length: 255.

verify-issuer
    Verify the iss claim in the ID token against issuer (default = enable).
    Type: option. Size: -. Default: enable.
        enable     Verify the issuer in the ID token (default).
        disable    Skip the issuer check. Without it, an ID token minted by a different issuer is not rejected on that ground, so leave this enabled.

user-attr-name
    ID token claim that supplies the username.
    Type: option. Size: -. Default: email.
        email                 Use the email claim as the username.
        sub                   Use the sub claim as the username. sub is the only one of these claims that OpenID Connect guarantees to be unique and stable per issuer.
        preferred_username    Use the preferred_username claim as the username.

user-regex
    The username must match this regular expression (case insensitive); users whose name does not match are rejected.
    Type: string. Maximum length: 255.

group-attr-name
    ID token claim that carries the user's group names.
    Type: string. Maximum length: 63.

ldap-server <name>
    LDAP server name(s).
    Type: string (list of names). Maximum length: 79.

clock-tolerance
    Clock skew tolerance in seconds when checking ID token timestamps (0 - 300, default = 15, 0 = no tolerance).
    Type: integer. Minimum value: 0. Maximum value: 300. Default: 15.
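The following is an added worked example, not Fortinet code, showing in Python what the parameters above control on the client side. It parses a constructed config user oidc stanza written in the syntax shown on this page, builds the token-endpoint client authentication selected by auth-method (client_secret_basic and client_secret_post; private_key_jwt needs a JWT signer and is not implemented), and applies the claim-level checks the table describes (issuer, clock tolerance, user-attr-name, user-regex, group-attr-name) to an already-decoded ID token. All stanza values and claims are made up. The audience check is standard OpenID Connect validation rather than a parameter on this page, signature verification against jwks-uri is out of scope, and treating user-regex as an unanchored case-insensitive search is an assumption about how FortiOS evaluates it.

```python
import base64
import re
import time
from urllib.parse import quote

# Constructed sample stanza in the syntax shown on this page; every value is made up.
SAMPLE_STANZA = r'''
config user oidc
    edit "corp-idp"
        set type discovery
        set client-id "fgt-ssl-vpn"
        set auth-type client-secret
        set auth-method client_secret_basic
        set client-secret "s3cr3t/with:specials"
        set discovery-url "https://idp.example.com/.well-known/openid-configuration"
        set issuer "https://idp.example.com"
        set verify-issuer enable
        set user-attr-name email
        set user-regex "^[a-z0-9._-]+@example\.com$"
        set group-attr-name "groups"
        set clock-tolerance 15
    next
end
'''

# Constructed decoded ID-token claim set (signature assumed checked against jwks-uri elsewhere).
SAMPLE_CLAIMS = {
    "iss": "https://idp.example.com",
    "aud": "fgt-ssl-vpn",
    "sub": "1234567890",
    "email": "Alice.Smith@example.com",
    "groups": ["vpn-users", "admins"],
    "iat": 1_700_000_000,
    "exp": 1_700_000_300,
}


def parse_oidc_stanza(text):
    """Return {entry_name: {parameter: value}} for each 'edit' block in a stanza."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = entries[line[5:].strip().strip('"')] = {}
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
        elif line == "next":
            current = None
    return entries


def token_endpoint_client_auth(cfg):
    """Return (extra headers, extra form fields) for the token request, per auth-method."""
    method = cfg.get("auth-method", "client_secret_basic")
    cid, secret = cfg["client-id"], cfg["client-secret"]
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode id and secret, then base64 "id:secret".
        raw = f"{quote(cid, safe='')}:{quote(secret, safe='')}".encode()
        return {"Authorization": "Basic " + base64.b64encode(raw).decode()}, {}
    if method == "client_secret_post":
        return {}, {"client_id": cid, "client_secret": secret}
    raise NotImplementedError(f"{method} needs a signed JWT client assertion (not shown)")


def verify_id_token_claims(cfg, claims, now=None):
    """Apply the claim checks the parameters on this page control.

    Returns {"ok": bool, "reason": str, "username": str | None, "groups": list}.
    """
    now = time.time() if now is None else now
    skew = int(cfg.get("clock-tolerance", 15))

    def reject(reason):
        return {"ok": False, "reason": reason, "username": None, "groups": []}

    # Audience check: standard OIDC Core 3.1.3.7, not a parameter on this page.
    aud = claims.get("aud")
    if cfg["client-id"] not in (aud if isinstance(aud, list) else [aud]):
        return reject("aud does not include our client-id")
    if cfg.get("verify-issuer", "enable") == "enable" and claims.get("iss") != cfg.get("issuer"):
        return reject("iss does not match configured issuer")
    # clock-tolerance widens both the expiry and the issued-at window by 'skew' seconds.
    if claims.get("exp", 0) + skew < now:
        return reject("ID token expired")
    if claims.get("iat", 0) - skew > now:
        return reject("ID token issued in the future")
    attr = cfg.get("user-attr-name", "email")
    username = claims.get(attr)
    if not username:
        return reject(f"ID token has no {attr} claim")
    # Assumption: user-regex is applied as a case-insensitive search; anchor it in the pattern.
    regex = cfg.get("user-regex")
    if regex and not re.search(regex, username, re.IGNORECASE):
        return reject("username rejected by user-regex")
    groups = claims.get(cfg.get("group-attr-name", "groups"), [])
    groups = [groups] if isinstance(groups, str) else list(groups)
    return {"ok": True, "reason": "", "username": username, "groups": groups}


if __name__ == "__main__":
    cfg = parse_oidc_stanza(SAMPLE_STANZA)["corp-idp"]
    print(token_endpoint_client_auth(cfg))
    print(verify_id_token_claims(cfg, SAMPLE_CLAIMS, now=1_700_000_310))
```

Two details worth noticing when reading the output: the Basic header percent-encodes the secret before base64-encoding it, which matters for secrets containing ":" or "/" and is a common interoperability bug; and switching user-attr-name to sub makes the sample user-regex reject the login, since the regex was written for email addresses, so user-regex and user-attr-name must be chosen together.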
