GENESIS as an OIDC Identity Provider

In addition to connecting to third-party identity providers, GENESIS Security Server can itself act as an OIDC identity provider for in-house applications and third-party clients that use OIDC to log into GENESIS.

Our in-house clients, such as GraphWorX or WebHMI, make use of this OIDC identity provider when they are configured to use the web login feature. Learn more

Third-party clients that can connect to GENESIS Security as an OIDC relying party include:

Alexa
Cortana
Google Home
Apple Watch

When setting up OIDC for Cortana, Alexa, or other bots that are supported by GENESIS, follow the respective product's documentation.

Other 3rd parties can also use this feature, although our OIDC implementation does not expose all features of the specifications.

GENESIS Security as an OIDC relying party implements the following specifications:

OpenID Connect Core 1.0 - http://openid.net/specs/openid-connect-core-1_0.html
OpenID Connect Discovery 1.0 - http://openid.net/specs/openid-connect-discovery-1_0.html
OpenID Connect Session Management 1.0 - draft 28 - http://openid.net/specs/openid-connect-session-1_0.html
OAuth 2.0 - http://tools.ietf.org/html/rfc6749
Proof Key for Code Exchange - https://tools.ietf.org/html/rfc7636

The only OIDC authentication flow that is supported is the Authorization Code flow with PKCE always enabled. Using a client secret is not supported.

If the client requires other specifications, you need to configure a custom OIDC relying party with the Authorization Code flow.