16. Third-party authentication add-on for OIDC. Customer guide.

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

OpenID Connect is a very flexible standard and supports many authentication flows. At this time we only support the most popular authentication flow, which is the “authorization_code” flow¹.

[1] https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth

16.1. Integration requisites.

  • It is required to have your LMS site in a domain of your own.

  • Enterprise or performance subscription with the third-party authentication add-on enabled.

16.2. Configuration steps.

16.2.1. Configuration of the OIDC OAuth application.

Configuring OpenID Connect requires a unique ClientID and a corresponding ClientSecret. These two values act as the identifier and the password for our service to your Identity Provider.

Apart from that, we need a few other configuration variables. These variables are published at an OIDC discovery endpoint, so you only need to send us that endpoint.

In summary, to get started we need you to send us:

1. Client ID and Client Secret

2. Configuration variables, using the discovery endpoint

The discovery endpoint is a URL where there is a JSON document containing all the information required by OIDC to connect.

It is present on your Identity service at a URL that ends with “.well-known/openid-configuration/”.

As an example, you can see Google’s OIDC openid-configuration.

The values of your own endpoint will be a little different, but the format and most of the JSON keys will be the same.
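A pre-flight check you can run on your discovery document before sending it, as an added example that is not part of eduNEXT's guide or tooling: it verifies the keys OpenID Connect Discovery 1.0 requires, that the endpoints use https, and that the “authorization_code” flow is advertised. The sample documents and the idp.example.com host are constructed placeholders.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
# Keys that OpenID Connect Discovery 1.0 requires from a code-flow provider.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_KEYS = REQUIRED[:4] + ("userinfo_endpoint",)

def check_discovery(discovery_url, doc):
    """Return a list of problems; an empty list means the document looks usable."""
    problems = [f"missing required key: {k}" for k in REQUIRED if k not in doc]
    base = discovery_url.rstrip("/")
    if base.endswith(WELL_KNOWN):
        # The issuer must be the URL prefix the document was discovered under.
        expected = base[:-len(WELL_KNOWN)]
        if "issuer" in doc and doc["issuer"].rstrip("/") != expected:
            problems.append(f"issuer does not match discovery URL: {doc['issuer']}")
    else:
        problems.append(f"discovery URL does not end with {WELL_KNOWN}")
    for key in URL_KEYS:
        if key in doc and urlparse(doc[key]).scheme != "https":
            problems.append(f"{key} is not an https URL: {doc[key]}")
    # The authorization_code flow needs the "code" response type and grant type.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    # If grant_types_supported is omitted, the spec default includes authorization_code.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("grant type 'authorization_code' is not advertised")
    return problems

# Constructed sample input (idp.example.com is a placeholder, not a real provider).
GOOD_URL = "https://idp.example.com/.well-known/openid-configuration/"
GOOD_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD_DOC = dict(GOOD_DOC, issuer="https://other.example.com",
               token_endpoint="http://idp.example.com/token",
               response_types_supported=["id_token"], grant_types_supported=["implicit"])

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(GOOD_URL, doc) or "OK")
```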

16.2.2. Provide eduNEXT with a valid test user.

Once you enable OIDC, our support personnel will have to run some final configurations on our side. For this, we need to be able to test your provider. Please create a user for us. If we can create it ourselves, let us know how to.

When filling in the profile of the test user on your side, please complete the whole profile as you would for one of your regular users.

Email:         [email protected]
Username:      edunext_support_organizationname
First name:    fn_edunext organizationname
Last name:     ln_support organizationname
Full name:     n_edunext_support organizationname

Note

The organization name is the record you select when creating a new course for your LMS site.

Account information

We also kindly recommend that you do not delete this user. We will use it from time to time to solve support tickets that you might send us regarding authentication. We also use it to test that your SSO is working correctly when we update the underlying tech of our service.