Using the OpenID Connect protocol as client

Airlock IAM as a client supports the OpenID Connect protocol.

  • When using OpenID Connect, Airlock IAM processes the id token and no longer needs resource mappings for claims provided in the id token.
  • OpenID Connect is used when either the OIDC Flow Client or the OIDC Discovery Flow Client plugin is configured as AS Settings For Flow Clients.
  • When using OpenID Connect, Airlock IAM validates the id token received together with the OAuth 2.0 access token. If the validation fails, the login process fails.

It is recommended to use OAuth 2.0 if the presence of an id token cannot be guaranteed.
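
The fail-closed handling of a token response described above, as an added Python example (not Airlock IAM code or configuration). It assumes an HS256-signed id token so that it needs only the standard library, and it applies the iss, aud, exp and nonce checks from OpenID Connect Core; all function names and sample values are hypothetical.

```python
import base64, hashlib, hmac, json, time

class LoginFailed(Exception):
    """Raised when the token response must not result in a login."""

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_id_token(claims: dict, key: bytes) -> str:
    """Build a constructed sample id token (stands in for the authorization server)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signature = b64url_encode(sign_hs256(head + "." + body, key))
    return head + "." + body + "." + signature

def validate_token_response(resp, *, key, issuer, client_id, nonce, now=None):
    """Return the id token claims or raise LoginFailed; no fallback to the access token."""
    now = time.time() if now is None else now
    id_token = resp.get("id_token")
    if not id_token:
        raise LoginFailed("token response carries no id_token")
    try:
        head, body, sig = id_token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except (ValueError, TypeError, AttributeError) as exc:
        raise LoginFailed(f"malformed id_token: {exc}") from exc
    if header.get("alg") != "HS256":  # pin the algorithm instead of trusting the header
        raise LoginFailed("unexpected signing algorithm")
    if not hmac.compare_digest(signature, sign_hs256(head + "." + body, key)):
        raise LoginFailed("signature mismatch")
    aud, exp = claims.get("aud"), claims.get("exp")
    audiences = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if claims.get("iss") != issuer:
        raise LoginFailed("issuer mismatch")
    if client_id not in audiences:
        raise LoginFailed("client is not in the audience")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise LoginFailed("id_token expired or without exp")
    if claims.get("nonce") != nonce:
        raise LoginFailed("nonce mismatch")
    return claims
```

A response that holds only an access_token raises LoginFailed here, which mirrors why plain OAuth 2.0 is the better fit for authorization servers that do not always issue an id token.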