OIDC Authentication Flow
1. Login Redirect
- The user tries to log in to Visual Layer and is redirected to your IdP (OpenID Provider, OP) with the client ID.
2. User Authentication
- The IdP authenticates the user.
3. Authorization Code Return
- The user is redirected back to a predefined Redirect URI with an authorization code.
4. Token Exchange
- Visual Layer exchanges this code, along with the client ID and secret, for Access and ID tokens.
5. User Info Retrieval
- Optionally, additional user details can be retrieved using the Access Token via the UserInfo endpoint.
Information Required from Your Side
1. Well-Known Configuration URL
- Provide your IdP’s OpenID configuration URL (for example: https://<your-adfs-domain>/adfs/.well-known/openid-configuration).
- This allows us to automatically fetch metadata like authorization endpoints.
2. Client ID and Client Secret
- Generate these credentials on your IdP (ADFS or any OIDC-compliant provider).
- We will use these securely to authenticate against your IdP.
3. Allowed Scopes
- Confirm which scopes are supported.
- Typical scopes include: openid, profile, email.
4. Example Tokens
- No need to send real user tokens.
- Provide an example ID token and, if possible, a UserInfo response showing the available user claims.
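A pre-flight check for the items above, as an added example (not Visual Layer's own code): it inspects the discovery document behind the well-known URL for HTTPS endpoints, the authorization code response type and the typical scopes, then compares an example ID token's claims with it. The host `idp.example.com`, the client ID `vl-client`, the endpoint paths and the wanted-claim list (`sub`, `email`) are constructed assumptions; the metadata field names are those of OpenID Connect Discovery.

```python
import base64
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
SCOPES = {"openid", "profile", "email"}  # the typical scopes listed above

def check_discovery(config_url, doc):
    """Return problems in a discovery document served at <issuer> + SUFFIX."""
    problems = []
    if doc.get("issuer", "").rstrip("/") + SUFFIX != config_url:
        problems.append("issuer does not match the configuration URL")
    for key in ENDPOINTS:
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} missing or not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_type 'code' not advertised")
    missing = sorted(SCOPES - set(doc.get("scopes_supported", [])))
    return problems + [f"scope not advertised: {s}" for s in missing]

def example_claims(id_token):
    """Decode an example token's payload WITHOUT verifying it (claim review only)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_example_token(id_token, doc, client_id, wanted=("sub", "email")):
    """Compare an example ID token with the discovery document and client ID."""
    claims, problems = example_claims(id_token), []
    if claims.get("iss") != doc.get("issuer"):
        problems.append("iss differs from discovery issuer")
    aud = claims.get("aud")  # may be a single string or a list of audiences
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the client ID")
    return problems + [f"claim missing: {c}" for c in wanted if c not in claims]

def make_example_token(claims):  # unsigned, constructed token for this demo only
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), ""])

# Constructed sample data: not a real IdP, client or user; endpoint paths are placeholders.
BASE = "https://idp.example.com/adfs"
SAMPLE_DOC = {"issuer": BASE, **{k: f"{BASE}/{k}" for k in ENDPOINTS},
              "response_types_supported": ["code"], "scopes_supported": ["openid", "profile"]}
SAMPLE_TOKEN = make_example_token({"iss": BASE, "aud": "vl-client", "sub": "u1"})

if __name__ == "__main__":
    print(check_discovery(BASE + SUFFIX, SAMPLE_DOC), check_example_token(SAMPLE_TOKEN, SAMPLE_DOC, "vl-client"))
```

Empty lists from both checks mean the metadata and the example token agree with each other; tokens from real logins still need their signature verified against the keys at `jwks_uri`.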
Information We Will Provide
1. Redirect URI
- Please configure this URI in your IdP:
- This is where users will be redirected after authentication.
Required Changes in Your OpenShift Settings
Update or Add the Following Settings:
Frontend (FE) Settings:
Tip: To generate a random storage key:
Permissions Management
- User access will be managed via the Dataset Manager Script.
- The customer-facing script is available here: Dataset Manager Script on GitHub
Additional Notes
- If needed, we can assist you with ADFS configuration, token structure validation, or claim mapping.
- We support both cloud and on-premises deployments.
- On-prem users: if you’re interested in an evaluation, we can provide a trial version to test before committing.