This document provides all necessary instructions to integrate your Identity Provider (IdP) — such as ADFS — with Visual Layer’s platform using the OpenID Connect (OIDC) protocol. We will work together to ensure a smooth Single Sign-On (SSO) experience.

OIDC Authentication Flow

1. Login Redirect

  • The user tries to log in to Visual Layer and is redirected to your IdP (OpenID Provider, OP) with the client ID.

2. User Authentication

  • The IdP authenticates the user.

3. Authorization Code Return

  • The user is redirected back to a predefined Redirect URI with an authorization code.

4. Token Exchange

  • Visual Layer exchanges this code, along with the client ID and secret, for Access and ID tokens.

5. User Info Retrieval

  • Optionally, additional user details can be retrieved using the Access Token via the UserInfo endpoint.

Information Required from Your Side

1. Well-Known Configuration URL

  • Provide your IdP’s OpenID configuration URL (for example: https://<your-adfs-domain>/adfs/.well-known/openid-configuration).
  • This allows us to automatically fetch metadata like authorization endpoints.

2. Client ID and Client Secret

  • Generate these credentials on your IdP (ADFS or any OIDC-compliant provider).
  • We will use these securely to authenticate against your IdP.

3. Allowed Scopes

  • Confirm which scopes are supported.
  • Typical scopes include: openid, profile, email.

4. Example Tokens

  • No need to send real user tokens.
  • Provide an example ID token and, if possible, a UserInfo response showing the available user claims.
{
  "sub": "abc123",
  "email": "user@company.com",
  "given_name": "Example",
  "family_name": "User",
  "preferred_username": "example.user"
}

Information We Will Provide

1. Redirect URI

  • Please configure this URI in your IdP:
    https://<VL-onprem-domain>/api/v1/oidc/callback
    
  • This is where users will be redirected after authentication.

Required Changes in Your OpenShift Settings

Update or Add the Following Settings:

# Existing settings
DISABLE_AUTH: 'false'
USAGE_REPORT_ENABLED: 'false'
STORAGE_KEY: <randomly generated key>

# New settings
OIDC_ISSUER: <value from well-known URL>
OIDC_CLIENT_ID: <CLIENT_ID>
OIDC_CLIENT_SECRET: <CLIENT_SECRET>
OIDC_REDIRECT_URI: 'https://<VL-onprem-domain>/api/v1/oidc/callback'

Frontend (FE) Settings:

REACT_APP_IS_AUTHENTICATION_DISABLED: false

Tip: To generate a random storage key for STORAGE_KEY:
openssl rand -base64 32
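
A pre-deployment consistency check for the values above, given as an added example and not Visual Layer's own code: it compares the IdP's discovery metadata with the OIDC_* settings before they are applied. The function name, the sample hosts and all sample values are constructed for illustration; the metadata dictionary is assumed to be the JSON already fetched from the well-known URL.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
REQUIRED_SCOPES = {"openid", "profile", "email"}  # the typical scopes named on this page

# Constructed sample data (hypothetical hosts, not real endpoints or credentials).
SAMPLE_URL = "https://adfs.example.test/adfs" + SUFFIX
SAMPLE_METADATA = {
    "issuer": "https://adfs.example.test/adfs",
    "authorization_endpoint": "https://adfs.example.test/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.example.test/adfs/oauth2/token/",
    "jwks_uri": "https://adfs.example.test/adfs/discovery/keys",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile", "email"],
}
SAMPLE_SETTINGS = {
    "DISABLE_AUTH": "false",
    "OIDC_ISSUER": "https://adfs.example.test/adfs",
    "OIDC_CLIENT_ID": "constructed-client-id",
    "OIDC_CLIENT_SECRET": "constructed-secret",
    "OIDC_REDIRECT_URI": "https://vl.example.test/api/v1/oidc/callback",
}

def check_oidc_settings(well_known_url, metadata, settings):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    issuer = metadata.get("issuer", "")
    # OIDC Discovery: the well-known URL is the issuer plus the fixed suffix.
    if well_known_url != issuer.rstrip("/") + SUFFIX:
        problems.append("metadata issuer does not match the well-known URL")
    # The "iss" claim of an ID token is compared to the issuer as an exact string.
    if settings.get("OIDC_ISSUER") != issuer:
        problems.append("OIDC_ISSUER differs from the metadata issuer")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(metadata.get(key) or "").scheme != "https":
            problems.append(key + " is missing or not https")
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    missing = REQUIRED_SCOPES - set(metadata.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    redirect = urlsplit(settings.get("OIDC_REDIRECT_URI", ""))
    if redirect.scheme != "https" or redirect.path != "/api/v1/oidc/callback":
        problems.append("OIDC_REDIRECT_URI is not https://<host>/api/v1/oidc/callback")
    if not (settings.get("OIDC_CLIENT_ID") and settings.get("OIDC_CLIENT_SECRET")):
        problems.append("OIDC_CLIENT_ID or OIDC_CLIENT_SECRET is empty")
    if str(settings.get("DISABLE_AUTH")).lower() != "false":
        problems.append("DISABLE_AUTH is not 'false'")
    return problems
```

Calling check_oidc_settings(SAMPLE_URL, SAMPLE_METADATA, SAMPLE_SETTINGS) returns an empty list; each mismatch adds one message to the list.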

Permissions Management


Additional Notes

  • If needed, we can assist you with ADFS configuration, token structure validation, or claim mapping.
  • We support both cloud and on-premises deployments.
  • On-prem users: if you’re interested in an evaluation, we can provide a trial version to test before committing.