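# OpenID Connect agent authentication (Kernel::System::Auth::OpenIDConnect).
# $Self is the OTOBO config object provided by the enclosing Load() method.
$Self->{AuthModule} = 'Kernel::System::Auth::OpenIDConnect';

# Define the authentication flow, currently supported are the authorization code flow ('code')
# and the implicit flow. The authorization code flow is preferred: tokens are fetched over the
# back channel with the client secret instead of being returned in the browser redirect.
$Self->{'AuthModule::OpenIDConnect::AuthRequest'}->{ResponseType} = ['code'];

# Define the additional scope (openid is added automatically and does not need to be
# defined here). Make sure to add everything you want to interpret later.
$Self->{'AuthModule::OpenIDConnect::AuthRequest'}->{AdditionalScope} = [
    qw/profile email/
];

# Set the ClientID and Redirect URI exactly as defined on the authorization server;
# for the latter the Action must be "Login". The provider rejects the request if the
# redirect URI does not match its registration byte for byte.
$Self->{'AuthModule::OpenIDConnect::Config'}{ClientSettings} = {
    ClientID    => 'xxxxx-xxxxx-xxxx-xxxx-xxxxxx',
    RedirectURI => 'https://support.otobo.de/otobo/index.pl?Action=Login',
};

# For the authorization code flow the client secret has to be provided.
# It is stored in clear text here, so keep this file readable only by the web server user
# and out of version control.
$Self->{'AuthModule::OpenIDConnect::Config'}{ClientSettings}{ClientSecret} = 'xxxxxxxxxx';

# Provide the URL of the well-known openid-configuration of the OpenID provider.
# The issuer, endpoints and signing keys are discovered from this document, so it must be
# fetched over verified HTTPS.
$Self->{'AuthModule::OpenIDConnect::Config'}{ProviderSettings} = {
    OpenIDConfiguration => 'https://login.microsoftonline.com/5dddddf41bd-338c-4311-b1b0-e129ddddd34b/v2.0/.well-known/openid-configuration',
    TTL                 => 60 * 30,    # optional: time period the extracted openid-configuration is cached
    Name                => 'Intern4',  # optional: necessary only if one needs to differentiate between User and CustomerUser configuration e.g.
    # SSLOptions => {                  # if special ssl options are needed; SSLVerifyHostname => 0 is also possible but should only be used for testing purposes
    #     SSLCertificate => 'SSL_cert_file',  # client certificate
    #     SSLKey         => 'SSL_key_file',   # client cert key
    #     SSLPassword    => 'SSL_passwd_cb',  # password for client cert key
    #     SSLCAFile      => 'SSL_ca_file',    # CA certificate
    #     SSLCADir       => 'SSL_ca_path',    # CA cert directory
    # },                               # NOTE: this closing brace belongs to the commented-out SSLOptions block and must stay commented
};

# Set the token claim to be used as identifier.
# preferred_username is human-readable but, depending on the provider, may be changed or
# reassigned; the OIDC 'sub' claim is the identifier the spec defines as stable for a user,
# so check your provider's guarantees before relying on preferred_username for account mapping.
$Self->{'AuthModule::OpenIDConnect::UID'} = 'preferred_username';

# Some optional additional settings
$Self->{'AuthModule::OpenIDConnect::Config'}{Misc} = {
    UseNonce   => 1,       # add a nonce to request and token (this is primarily important for the implicit flow where it is enabled by default); binds the ID token to this login attempt
    RandLength => 22,      # length for state and nonce random strings - default: 22
    RandTTL    => 60 * 5,  # valid time period for state and nonce (roughly the time a user can take to authenticate) - default: 300 s
};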