...
Field | Comments | Example |
---|---|---|
Base URL | This is the base URL of the Identity Provider | https://stage.id.trimblecloud.com |
Application Name/Scope | This is the AMS application name (or scope) assigned in the IdP | AgileAssets AMS |
Client ID | This is the AMS application ID assigned by the IdP | abc-def-ghi-jkl-mno |
Client Secret | This is the client secret assigned by the IdP | [Redacted] |
OAuth Authorization Endpoint | OpenID authorization endpoint | /oauth/authorize |
OAuth Token Endpoint | OpenID token endpoint | /oauth/token |
OAuth User Info Endpoint | OpenID user information endpoint | /oauth/userinfo |
Note: Currently, the 3 endpoint URLs used in the OpenID configuration must be relative to the Base URL.
The IdP configuration also needs a Redirect URL (or Callback URL) from AMS. This URL is the application URL with /sso appended at the end. In this example, it is https://quappv21.agileassets.com/ams-web/sso
AMS Configuration
Encrypt Client Secret
...
Make the following changes in AMS's web.xml file under the Tomcat application folder. Note that this section of web.xml is commented out by default. Make sure to un-comment it.
```xml
<servlet>
  <servlet-name>SsoServlet</servlet-name>
  <servlet-class>com.agileassetsinc.core.servlet.SsoServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>SsoServlet</servlet-name>
  <url-pattern>/sso</url-pattern>
</servlet-mapping>
<filter>
  <filter-name>OpenIdSSOFilter</filter-name>
  <filter-class>com.agileassetsinc.core.OpenidSsoFilter</filter-class>
  <init-param>
    <param-name>openIdBaseUrl</param-name>
    <param-value>Base URL (eg: https://stage.id.trimblecloud.com)</param-value>
  </init-param>
  <init-param>
    <!-- The source page shows both openIdAppName and openIdScope for this
         parameter name; use the one in your web.xml's commented-out section. -->
    <param-name>openIdScope</param-name>
    <param-value>Application Name (eg: AgileAssets AMS)</param-value>
  </init-param>
  <init-param>
    <param-name>openIdClientId</param-name>
    <param-value>Client ID (eg: abc-def-ghi-jkl-mno)</param-value>
  </init-param>
  <init-param>
    <param-name>openIdClientSecretEncrypted</param-name>
    <param-value>Encrypted Client Secret (eg: @aaEncrypted@ABCDEFG)</param-value>
  </init-param>
  <init-param>
    <param-name>openIdOauthAuthorizationEndpoint</param-name>
    <param-value>OpenID Authorization End point (eg: /oauth/authorize)</param-value>
  </init-param>
  <init-param>
    <param-name>openIdOauthTokenEndpoint</param-name>
    <param-value>OpenID Token End point (eg: /oauth/token)</param-value>
  </init-param>
  <init-param>
    <param-name>openIdOauthUserinfoEndpoint</param-name>
    <param-value>OpenID User information End point (eg: /oauth/userinfo)</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>OpenIdSSOFilter</filter-name>
  <url-pattern>/sso</url-pattern>
</filter-mapping>
```
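
A pre-deployment check for the settings above, written as an added example (not AgileAssets code): it parses web.xml and reports whether the SSO section is still commented out, whether the three endpoints are relative to the Base URL, whether the client secret looks encrypted, and whether both mappings point at /sso. The function names, the https requirement on the Base URL and the `@aaEncrypted@` prefix test (taken from the page's example value) are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

ENDPOINTS = ("openIdOauthAuthorizationEndpoint", "openIdOauthTokenEndpoint",
             "openIdOauthUserinfoEndpoint")

def text(elem, name):  # "{*}" matches the tag with or without a namespace (Python 3.8+)
    return elem.findtext("{*}" + name, "").strip()

def check_sso_config(web_xml):
    """Return findings for the OpenIdSSOFilter section; an empty list means it passed."""
    root = ET.fromstring(web_xml)
    filt = next((f for f in root.findall(".//{*}filter")
                 if text(f, "filter-name") == "OpenIdSSOFilter"), None)
    if filt is None:  # the parser skips XML comments, so a commented-out section lands here
        return ["OpenIdSSOFilter not found (section still commented out?)"]
    params = {text(p, "param-name"): text(p, "param-value")
              for p in filt.findall("{*}init-param")}
    findings = []
    base = urlparse(params.get("openIdBaseUrl", ""))
    if base.scheme != "https" or not base.netloc:  # assumption: require https
        findings.append("openIdBaseUrl must be an absolute https URL")
    for name in ENDPOINTS:
        url = urlparse(params.get(name, ""))
        if not url.path or url.scheme or url.netloc:
            findings.append(f"{name} must be relative to openIdBaseUrl")
    # Assumption: encrypted values carry the @aaEncrypted@ prefix shown in the page's example.
    if not params.get("openIdClientSecretEncrypted", "").startswith("@aaEncrypted@"):
        findings.append("openIdClientSecretEncrypted is missing or not encrypted")
    for kind, name in (("filter", "OpenIdSSOFilter"), ("servlet", "SsoServlet")):
        patterns = [text(m, "url-pattern") for m in root.findall(f".//{{*}}{kind}-mapping")
                    if text(m, f"{kind}-name") == name]
        if "/sso" not in patterns:
            findings.append(f"{name} is not mapped to /sso")
    return findings

def sample(**overrides):  # constructed web.xml fragment for the demo, not a real file
    params = {"openIdBaseUrl": "https://stage.id.trimblecloud.com",
              "openIdClientSecretEncrypted": "@aaEncrypted@ABCDEFG",
              "openIdOauthAuthorizationEndpoint": "/oauth/authorize",
              "openIdOauthTokenEndpoint": "/oauth/token",
              "openIdOauthUserinfoEndpoint": "/oauth/userinfo", **overrides}
    init = "".join(f"<init-param><param-name>{k}</param-name><param-value>{v}"
                   "</param-value></init-param>" for k, v in params.items())
    maps = "".join(f"<{k}-mapping><{k}-name>{n}</{k}-name><url-pattern>/sso</url-pattern>"
                   f"</{k}-mapping>" for k, n in (("servlet", "SsoServlet"), ("filter", "OpenIdSSOFilter")))
    return f"<web-app><filter><filter-name>OpenIdSSOFilter</filter-name>{init}</filter>{maps}</web-app>"

print(check_sso_config(sample(openIdOauthTokenEndpoint="https://stage.id.trimblecloud.com/oauth/token")))
```

To check a real deployment, pass the contents of the application's web.xml to `check_sso_config` instead of the constructed sample.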
...