WebHare can be set up as an OpenID Connect Identity Provider. First configure the WRD schema itself (this needs to be done only once per schema):

- Enable the `platform:identityprovider` webfeature for the site (this enables the `.well-known/openid` endpoint and helps WebHare find the login page for a schema).
- Set up an IDP, eg:
  `wh auth -s <schema> idp-setup --issuer "<siteroot>"`
- Note that the issuer doesn't have to be the site root, but using the site root will aid autodiscovery.
- If you're not setting up the default usermanagement schema as a provider, import the IDP schema into your WRD schema:
  `<import definitionfile="mod::wrd/data/wrdschemas/idp.wrdschema.xml" />`
- Verify that you can reach `<siteroot>/.well-known/openid-configuration` and see a JSON document there.
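Seeing a JSON document is only half the check: a relying party will refuse to use the IDP if the `issuer` field does not match the value passed to `idp-setup` exactly, or if endpoints are not served over https. The script below is an added example (not WebHare code): it fetches the discovery document and checks required fields, issuer match and TLS; the `SAMPLE_DISCOVERY` document and the `idp.example.com` host are constructed for illustration.

```python
import json
import sys
import urllib.request
from urllib.parse import urlparse

# Fields a relying party needs from an OpenID Connect discovery document.
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
                   "response_types_supported", "subject_types_supported",
                   "id_token_signing_alg_values_supported")

# Constructed sample of a discovery document (not actual WebHare output).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oidc/authorize",
    "token_endpoint": "https://idp.example.com/oidc/token",
    "jwks_uri": "https://idp.example.com/oidc/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}


def fetch_discovery(siteroot: str) -> dict:
    """Download <siteroot>/.well-known/openid-configuration and parse it as JSON."""
    url = siteroot.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


def check_discovery(doc: dict, expected_issuer: str) -> list:
    """Return a list of problems; an empty list means the document passes."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in doc]
    issuer = doc.get("issuer")
    # Relying parties compare the issuer byte-for-byte (a trailing slash counts).
    if issuer is not None and issuer != expected_issuer:
        problems.append(f"issuer mismatch: got {issuer!r}, expected {expected_issuer!r}")
    # The issuer and every advertised endpoint must be served over TLS.
    for field in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(field)
        if isinstance(value, str) and urlparse(value).scheme != "https":
            problems.append(f"{field} is not https: {value}")
    return problems


if __name__ == "__main__":
    # Pass the site root as argument to check a live IDP; no argument checks the sample.
    target = sys.argv[1].rstrip("/") if len(sys.argv) > 1 else None
    doc = fetch_discovery(target) if target else SAMPLE_DISCOVERY
    report = check_discovery(doc, target or SAMPLE_DISCOVERY["issuer"])
    print("OK" if not report else "\n".join(report))
```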
To add individual service providers, request their OAuth2/OIDC callback URL and use the following command line:

`wh auth [-s <schema>] add-rp "<title>" "<callbackurl>"`

This will return the client ID and client secret, which you should pass to the service provider.

You can retrieve your current IDP configuration using `wh auth describe`.