Skip to main content
Skip table of contents

Configuring OIDC

BCS Configuration

Before WDA can use OIDC, BCS needs to be configured to support it. (since BCS version 6.0.406.0)

For details, please check the BCSTechManual "6.4.6 BCS and OpenID Connect / JSON Web Tokens". (The chapter number and title may vary in different versions)

BCSS Configuration

It is worth mentioning that new version (since 3.3.317.0) of BCSS supports OIDC without special configurations. However, being a client of BCS, the shared client configuration to connect to BCS is needed, specifically WSPort and WSSPort under Digas\PlanServer\BCS_SERVER.

WDA Configuration

OIDC is supported in WDA as an opt-in feature, therefore some metadata needs to be configured at the "backend", currently, i.e., in the settings.json.

A valid configuration could be as the following:

OIDC Configuration in JSON

JS
{
	"oidc": {
			"providers": [
			{
				"name": "DIS",
				"url": "http://vm-dpedemo:5000/",
				"default": false
			},
			{
				"name": "ADFS",
				"url": "https://dpe2019.davidsystems.com/adfs"
			}
		]
	}
}

Some points:

  • If there is a valid truthy default provider configured, WDA will do automatic SSO when a user visits the login page of WDA.
  • If there is no truthy default provider configured, WDA will not do automatic SSO which gives the user on login page choice to chose among different login options.
  • Multiple defaults are allowed in configuration but only the first default would take effect

Related Information

  • Currently, WDA only explicitly supports DIS a.k.a. DigaSystem Identity Server (possible with AD-sync with Windows ADFS) as OIDC providers and multiple DIS servers are possible to be used as providers in configuration.
  • Using Windows ADFS as direct OIDC provider for WDA is planned but not yet supported.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.