CR OIDCProvider
This CR declares the OpenID Connect Provider (OP), such as Airlock IAM.
Risk
The OIDC feature is currently in an experimental state.
We encourage you to try it out and give feedback, but we do not recommend using it in a production environment yet, as security has not yet been hardened.
The current implementation has the following limitations:
- The state parameter is guessable.
- Sessions are shared across all Microgateway Engines that use the same Redis instance. That is, if different applications share the same Redis instance, users may be able to access authenticated routes across applications, even if their OIDCRelyingParty configurations differ.
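To make the two limitations above concrete from the defender's side, here is an added example (not Airlock Microgateway code) of how a relying party handles the OIDC state parameter when it is done properly: the value comes from a CSPRNG so it cannot be guessed, it is single-use with a short lifetime so it cannot be replayed, and the store entry is namespaced by an application id so that a login started for one application cannot be completed against another even when several applications share one backing store. The StateStore class, the app ids and the 300-second TTL are constructed for the example; the in-memory dict stands in for a shared store such as Redis.

```python
"""Added example: CSRF-resistant handling of the OIDC `state` parameter on the
relying-party side, with pending logins namespaced per application.
Not part of Airlock Microgateway; all names here are constructed."""
import secrets
import time
from urllib.parse import urlencode

STATE_TTL_SECONDS = 300  # constructed: how long a pending login may take


class StateStore:
    """In-memory stand-in for a shared store such as Redis.

    Every key is prefixed with the application id, so two applications that
    use the same backing store never see each other's pending logins.
    """

    def __init__(self, now=time.time):
        self._pending = {}  # "app_id:state" -> expiry timestamp
        self._now = now

    @staticmethod
    def _key(app_id, state):
        return f"{app_id}:{state}"

    def new_state(self, app_id):
        """Return a fresh, unguessable state value bound to app_id.

        secrets.token_urlsafe(32) gives 256 bits of CSPRNG output, so the
        value cannot be derived from earlier states, timestamps or counters.
        """
        state = secrets.token_urlsafe(32)
        self._pending[self._key(app_id, state)] = self._now() + STATE_TTL_SECONDS
        return state

    def consume_state(self, app_id, state):
        """Validate the state echoed back on the callback; single use.

        Returns True only if the state was issued for this app_id, has not
        expired and has not been consumed before. The entry is removed on
        every hit, so a captured state cannot be replayed.
        """
        expires_at = self._pending.pop(self._key(app_id, state), None)
        if expires_at is None:
            return False  # unknown state, or issued for another application
        return self._now() <= expires_at


def build_authorization_url(authorization_endpoint, client_id, redirect_uri, state):
    """Build the authorization request that carries the state to the OP.

    The OP must echo `state` back unchanged on the redirect_uri, which is
    what consume_state() later checks.
    """
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{authorization_endpoint}?{urlencode(params)}"


if __name__ == "__main__":
    store = StateStore()
    st = store.new_state("shop")
    print(build_authorization_url("https://op.example/authorize",  # constructed
                                  "shop-client", "https://shop.example/cb", st))
    print("callback accepted:", store.consume_state("shop", st))
    print("replay accepted:", store.consume_state("shop", st))
```

The check that matters on the callback is consume_state(): a state that was never issued, that belongs to a different application, that has expired, or that has already been used is rejected with the same result, so the callback handler never has to distinguish those cases.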
Example configuration
For the default and an example configuration, see CR OIDCProvider reference documentation. OP endpoints can be configured statically.
Notice
When using self-signed TLS certificates to secure the OP endpoints, the tls settings must be configured accordingly.
Further information and links
API Reference: