Configure OIDC SSO

Create OIDC directory in MDCore

  1. Log in to MDCore
  2. On the dashboard, hit User Management in the sidebar
  3. On the User Management page, choose the Directories tab and hit Add directory at the top right
  4. On the Add Directory page, choose OIDC as the Directory Type and fill in a Name for the new directory, MDCore-OIDC for example
  5. Fill in Host or IP with the address where MDCore is hosted, https://127.0.0.1:8008 in this example
  6. Copy the string generated under Login URL and store it as redirect_uri


Create and configure OIDC application on PingOne

  1. On the PingOne Overview page, navigate to Applications in the sidebar
  2. Hit the plus button to add a new application
  3. Fill in the application name, MDCore-OIDC for example, choose OIDC Web App as the Application Type and hit Save
  4. Select the Configuration tab and hit the Edit button
  5. On the Edit Configuration page, navigate to Redirect URIs, paste redirect_uri into the box below it, then hit Save
  6. On the Overview tab, navigate to OIDC Discovery Endpoint, copy the link below it and store it as metadata_url
  7. Select the Configuration tab, expand the General section, navigate to Client ID and Client Secret, then copy and store them as client_id and client_secret
  8. Select the Attribute Mappings tab and hit the Edit button
  9. On the Edit Attribute Mappings page, hit Add to add a new mapping

In this step, we map the key name used by MDCore to the name exported by PingOne. For example, we map given_name to Given Name exported by PingOne. Later on, MDCore uses given_name to identify the logged-in user.

  10. Fill in the attribute name, given_name in this example, select the item Given Name in PingOne Mappings and hit Save to complete
  11. Enable the new application on PingOne
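
A pre-flight check of the values collected so far, as an added example that is not part of the original page and is not MDCore or PingOne code: it validates the discovery document behind metadata_url against OpenID Connect Discovery 1.0 and confirms that redirect_uri points back at the MDCore host. The function name, the idp.example.test URLs and the login-url-placeholder path are constructed assumptions; in practice the discovery dict is the JSON returned by metadata_url.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 requires for a code-flow client.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_oidc_values(metadata_url, discovery, redirect_uri, mdcore_host):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    missing = [k for k in REQUIRED if k not in discovery]
    if missing:
        problems.append("discovery document lacks: " + ", ".join(missing))
    # The issuer must equal the discovery URL minus the well-known suffix.
    issuer = discovery.get("issuer", "")
    if not metadata_url.endswith(WELL_KNOWN) or metadata_url[:-len(WELL_KNOWN)] != issuer:
        problems.append("issuer does not match metadata_url")
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in discovery and urlsplit(discovery[key]).scheme != "https":
            problems.append(key + " is not https")
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("authorization code flow is not advertised")
    # The redirect URI registered on the IdP must point back at MDCore.
    r, h = urlsplit(redirect_uri), urlsplit(mdcore_host)
    if r.scheme != "https":
        problems.append("redirect_uri is not https")
    if r.fragment:
        problems.append("redirect_uri contains a fragment")
    if (r.hostname, r.port) != (h.hostname, h.port):
        problems.append("redirect_uri host differs from the MDCore host")
    return problems

# Constructed sample values, not taken from a real PingOne environment.
BASE = "https://idp.example.test/env-placeholder/as"
SAMPLE_METADATA_URL = BASE + WELL_KNOWN
SAMPLE_DISCOVERY = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token",
    "jwks_uri": BASE + "/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
SAMPLE_REDIRECT_URI = "https://127.0.0.1:8008/login-url-placeholder"

if __name__ == "__main__":
    print(check_oidc_values(SAMPLE_METADATA_URL, SAMPLE_DISCOVERY,
                            SAMPLE_REDIRECT_URI, "https://127.0.0.1:8008"))
```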

Complete configuration on MDCore

  1. Switch back to MDCore. Under Identity Provider, hit Fetch URL, paste metadata_url into the box below it, and then hit OK. MDCore checks the URL and, if the check succeeds, sets PingOne as its IDP
  2. Under Service Provider, paste client_id and client_secret into the boxes under Client ID and Client secret respectively
  3. Fill in ${given_name} in the box under User identified by
  4. Select the Default role option, choose the role to assign to the login user under User Role and hit Add to complete the settings on MDCore
  5. On the User Management page, toggle the new directory, MDCore-OIDC in this example. A dialog box is shown to confirm the action. Once Enable is hit, all sessions are expired immediately

Test the integration

  1. On the Home screen of MDCore, hit Login; the user is redirected to the login page from PingIdentity
  2. Log in with the account registered with PingIdentity
  3. If everything goes right, the MDCore dashboard is shown with the user identity set at the top right corner
  4. Otherwise, go back to the login page at <mdcore-host>#/public/backuplogin for troubleshooting