...
OpenID Connect (OIDC) is a federated SSO authentication protocol built processed over OAuth2.0 and is already supported for authentication in the Kyvos web client and third party BI tools like Excelerate and TableauWeb Client.
| Panel |
|---|
| panelIconId | atlassian-note |
|---|
| panelIcon | :note: |
|---|
| bgColor | #DEEBFF |
|---|
|
Note From Kyvos 2024.1 onwards, a restart of the Kyvos Web Portal will not be required for Kyvos security configuration (Web based SSO). To access Excelerate Web and Desktop through OIDC, you must configure confidential and public OIDC. To access Tableau Server and Desktop through OIDC, you must configure confidential and public OIDC |
From Kyvos 2023.5 onwards, Kyvos supports OIDC authentication (Browser-based login/SSO ) for Excelerate desktop and web version.
Configuration Type | Kyvos Web Portal | Excelerate Desktop | Excelerate Web | Tableau Desktop | Tableau Server |
Confidential OIDC | 
| 
| | | |
Public OIDC | | | |
To configure the OIDC (Auth2.0) as an external authentication provider for the Kyvos Web Portal, perform the following steps.
...
Parameter/Field | Comments/Description |
|---|
Header Name | Enter the name of the HTTP header that contains the user name in the HTTP request. |
Header Type | Select the type of value to be sent by the external authentication tool as an SSO token. |
Error Redirection URL | Enter the URL to which the user will be redirected if there is an error in authenticating the Kyvos application with OIDC
Absolute URLs are supported.
For example: http://host:port/appname |
For OIDS Settings for Confidential Client and Public client, enter details as:
| Aura tab collection |
|---|
| params | JTdCJTIyZ2VuZXJhbCUyMiUzQSU3QiUyMnRhYlNwYWNpbmclMjIlM0EwJTJDJTIydGFiV2lkdGglMjIlM0ExMDAlMkMlMjJ0YWJIZWlnaHQlMjIlM0E1MCUyQyUyMmRpcmVjdGlvbiUyMiUzQSUyMmhvcml6b250YWwlMjIlN0QlMkMlMjJjb250ZW50JTIyJTNBJTdCJTIyYmFja2dyb3VuZENvbG9yJTIyJTNBJTdCJTIyY29sb3IlMjIlM0ElMjIlMjNmZmYlMjIlN0QlMkMlMjJib3JkZXIlMjIlM0ElN0IlMjJzdHlsZSUyMiUzQSUyMnNvbGlkJTIyJTJDJTIyd2lkdGglMjIlM0ExJTJDJTIydG9wJTIyJTNBdHJ1ZSUyQyUyMmJvdHRvbSUyMiUzQXRydWUlMkMlMjJsZWZ0JTIyJTNBdHJ1ZSUyQyUyMnJpZ2h0JTIyJTNBdHJ1ZSUyQyUyMmNvbG9yJTIyJTNBJTdCJTIybGlnaHQlMjIlM0ElMjIlMjNjY2NlY2YlMjIlN0QlN0QlMkMlMjJwYWRkaW5nJTIyJTNBJTdCJTIydG9wJTIyJTNBMTAlMkMlMjJyaWdodCUyMiUzQTEwJTJDJTIyYm90dG9tJTIyJTNBMTAlMkMlMjJsZWZ0JTIyJTNBMTAlN0QlN0QlMkMlMjJhY3RpdmUlMjIlM0ElN0IlMjJiYWNrZ3JvdW5kQ29sb3IlMjIlM0ElN0IlMjJjb2xvciUyMiUzQSU3QiUyMmxpZ2h0JTIyJTNBJTIyJTIzZjU4MjI3JTIyJTdEJTdEJTJDJTIydGV4dCUyMiUzQSU3QiUyMmZvbnRTaXplJTIyJTNBMTYlMkMlMjJjb2xvciUyMiUzQSU3QiUyMmxpZ2h0JTIyJTNBJTIyJTIzMDAwMDAwJTIyJTdEJTJDJTIydGV4dEFsaWduJTIyJTNBJTIybGVmdCUyMiUyQyUyMmZvbnRXZWlnaHQlMjIlM0ElMjJib2xkJTIyJTdEJTdEJTJDJTIyaG92ZXIlMjIlM0ElN0IlMjJiYWNrZ3JvdW5kQ29sb3IlMjIlM0ElN0IlMjJjb2xvciUyMiUzQSUyMiUyM2RmZTFlNiUyMiU3RCUyQyUyMnRleHQlMjIlM0ElN0IlMjJmb250U2l6ZSUyMiUzQTE4JTJDJTIyY29sb3IlMjIlM0ElMjIlMjM1ZTZjODQlMjIlMkMlMjJ0ZXh0QWxpZ24lMjIlM0ElMjJsZWZ0JTIyJTJDJTIyZm9udFdlaWdodCUyMiUzQSUyMmxpZ2h0ZXIlMjIlN0QlN0QlMkMlMjJpbmFjdGl2ZSUyMiUzQSU3QiUyMmJhY2tncm91bmRDb2xvciUyMiUzQSU3QiUyMmNvbG9yJTIyJTNBJTIyJTIzZjRmNWY3JTIyJTdEJTJDJTIydGV4dCUyMiUzQSU3QiUyMmZvbnRTaXplJTIyJTNBMTYlMkMlMjJjb2xvciUyMiUzQSUyMiUyMzVlNmM4NCUyMiUyQyUyMnRleHRBbGlnbiUyMiUzQSUyMmxlZnQlMjIlMkMlMjJmb250V2VpZ2h0JTIyJTNBJTIybGlnaHRlciUyMiU3RCUyQyUyMmJvcmRlciUyMiUzQSU3QiUyMnRvcCUyMiUzQXRydWUlMkMlMjJsZWZ0JTIyJTNBdHJ1ZSUyQyUyMnJpZ2h0JTIyJTNBdHJ1ZSUyQyUyMmJvdHRvbSUyMiUzQXRydWUlMkMlMjJ3aWR0aCUyMiUzQTElMkMlMjJzdHlsZSUyMiUzQSUyMnNvbGlkJTIyJTJDJTIyY29sb3IlMjIlM0ElN0IlMjJsaWdodCUyMiUzQSUyMiUyM2NjY2VjZiUyMiU3RCU3RCU3RCU3RA== |
|---|
|
| Aura tab |
|---|
| summary | OIDS Settings for Confidential Client |
|---|
| params | JTdCJTIydGl0bGUlMjIlM0ElMjJPSURTJTIwU2V0dGluZ3MlMjBmb3IlMjBDb25maWRlbnRpYWwlMjBDbGllbnQlMjAlMjIlN0Q= |
|---|
|
OIDC authentication for Kyvos Web Portal , and Excelerate Web, and Tableau Server. Parameter/Field | Comments/Description |
|---|
Client Id | Client ID provided by the authorization server upon registration of the application. This ID is used for identifying the client. | Client Secret | Secret to be used for authentication method. Kyvos Manager encrypts this secret. | Authorization URL | Endpoint URL provided by the authorization server. | Token URL | Access Token Endpoint URL provided by the authorization server. | Scope | Space-separated lists of identifiers are used to specify what access privileges are being requested from the authorization server in the initial authorization request. If left blank, the default 'openid profile email' will be used | Single Logout URL | URL to which the users are redirected on logging out. If left blank, there will be no single logout. | Verify ID Token | Select the checkbox to verify the signature of the ID tokens. If it is set as No, Kyvos will retrieve ID Token, decode it, and will use its claims without verifying its signature. | Authorization Server OpenId Metadata URL | Endpoint URL on the authorization server which provides metadata about the OIDC configuration of the authorization server. |
| Aura tab |
|---|
| summary | OIDC Settings for Public Client |
|---|
| params | JTdCJTIydGl0bGUlMjIlM0ElMjJPSURDJTIwU2V0dGluZ3MlMjBmb3IlMjBQdWJsaWMlMjBDbGllbnQlMjIlN0Q= |
|---|
|
OIDC authentication for Kyvos Web Portal , and Excelerate Desktop, and Tableau Desktop. Enter details as: Parameter/Field | Comments/Description |
|---|
Client Id | Client ID provided by the authorization server upon registration of the application. This ID is used for identifying the client. | Authorization URL | Endpoint URL provided by the authorization server. | Token URL | Access Token Endpoint URL provided by the authorization server. | Scope | Space-separated lists of identifiers are used to specify what access privileges are being requested from the authorization server in the initial authorization request. If left blank, the default 'openid profile email' will be used | Single Logout URL | URL to which the users are redirected on logging out. If left blank, there will be no single logout. | Verify ID Token | Select the checkbox to verify the signature of the ID tokens. If it is set as No, Kyvos will retrieve ID Token, decode it, and will use its claims without verifying its signature. | Authorization Server OpenId Metadata URL | Endpoint URL on the authorization server which provides metadata about the OIDC configuration of the authorization server. |
|
...
