Setting Up OIDC Relying Party with Client Credentials Flow
When configuring a new OIDC relying party for authentication to GENESIS, you can select Client Credentials Flow as the authentication method. Server-to-server authentication using a client ID and client secret; no user sign-in is required.
Client Credential Flow is available in GENESIS versions 11.05 and later.
Automated processes, background services, or machine-to-machine communication with the Web API.
To configure a relying party with the client credentials flow authentication:
-
Open Workbench and in Project Explorer, expand your project > Security .
-
Right-click OIDC Relying Parties and select Add OIDC Relying Party to open the configuration dialog.
-
At the top of the dialog, enter a name according to the client that you are configuring; for example, TestRESTClient. This name serves as the OIDC/OAuth Client Identifier (https://tools.ietf.org/html/rfc6749#section-2.2)
-
In General Settings, make sure the Enabled checkbox is selected. Optionally, enter a display name and description.
-
In the Flow types section, complete the following settings:
-
Select Client Credentials Flow Enabled .
-
In Credentials Permission Type, select the desired option that determines what permissions are granted to the applications using the flow.
-
Mapped to User —The application is granted the same permissions as the user selected in the next step, including any permissions inherited from its groups.
-
Full Access —The application is granted full permission.
-
-
In Client Credentials User Name , enter the user whose permissions are used when Permission Type is set to Mapped to User .
-
-
In the Login section, enter your client application's secret in the Client Secret text box. Generate a long random sequence of characters for the secret.
This field is mandatory for the client credentials flow authentication.
-
Complete the remaining settings as desired, and then click Apply .