Configuring an OpenID Connect Client

Enable web single sign-on and use the OpenID Connect Provider as an identity provider.

About this task

Client applications, for example, the Dynamic Workload Console, can verify the identity of a user by relying on authentication from an OpenID Connect Provider. You can configure the WebSphere Application Server Liberty Base server to function as an OpenID Connect Client to take advantage of web single sign-on and to use the OpenID Connect Provider as an identity provider.

To simply the configuration of the WebSphere Application Server Liberty Base server, a sample configuration file in XML format is provided named openid_connect.xml.

Procedure

Update the configuration file with the details about your identity provider.
  1. Copy the template file to a working directory. The template is located in the following path:
    UNIX
    DWC_DATA_dir/usr/servers/dwcServer/configDropins/templates/authentication
    Windows
    DWC_home\usr\servers\dwcServer\configDropins\templates\authentication
  2. Edit the template file in the working directory with the desired configuration.
  3. Optionally, create a backup copy of the configuration file authentication_config.xml present in the overrides directory in a different directory.
    Ensure you do not copy the backup file in the path where the template files are located.
  4. The overrides directory is located in the following path:
    UNIX
    DWC_DATA_dir/usr/servers/dwcServer/configDropins/overrides
    Windows
    DWC_home\usr\servers\dwcServer\configDropins\overrides
  5. Copy the updated template file to the overrides directory, renaming it to authentication_config.xml to override the original authentication_config.xml file.
    Alternatively, if you prefer maintaining the original name of the template, ensure you delete authentication_config.xml after you have copied the updated template file to the overrides directory to avoid conflicts.
  6. Stop and restart WebSphere Application Server Liberty Base using the stopappserver and startappserver commands located in TWA_home/appservertools.

What to do next

For more detailed information about the OpenID parameters and values to configure in the openid_connect.xml file, see the related WebSphere Application Server Liberty Base documentation at Configuring an OpenID Connect Client in Liberty.